World readable cookie.db #77

mason-larobina opened this Issue Apr 25, 2012 · 2 comments


None yet

3 participants

Luakit Project member

Find an appropriate way to change the permissions on the $XDG_{CACHE,CONFIG,DATA}_DIR/luakit dirs to prevent other users peeking at a users cookies.db and other sensitive data (I.e. form data).


Doesn't seem like Luakit's problem to me. My home directory in Arch Linux has permissions 700 by default, so nobody(except root and me) can access anything there anyway. It is like that in most distributions, but Ubuntu, for some reason, has 755 by default.

As for other browsers, some of them set their config directory permissions to 700(Firefox and Chromium), some of them don't(dwb).


Let us be paranoid enough now than lost later. ;D

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment