World readable cookie.db #77

Open
mason-larobina opened this Issue Apr 25, 2012 · 2 comments

Projects

None yet

3 participants

@mason-larobina
Luakit Project member

Find an appropriate way to change the permissions on the $XDG_{CACHE,CONFIG,DATA}_DIR/luakit dirs to prevent other users peeking at a users cookies.db and other sensitive data (I.e. form data).

@ymln

Doesn't seem like Luakit's problem to me. My home directory in Arch Linux has permissions 700 by default, so nobody(except root and me) can access anything there anyway. It is like that in most distributions, but Ubuntu, for some reason, has 755 by default.

As for other browsers, some of them set their config directory permissions to 700(Firefox and Chromium), some of them don't(dwb).

@Plaque-fcc

Let us be paranoid enough now than lost later. ;D

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment