Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

The Handling of the credfile_default file in bindings.py is a possible security risk. #1

d1b opened this Issue Aug 30, 2011 · 1 comment


None yet
2 participants

d1b commented Aug 30, 2011

bindings.py writes to either the provided credfile or credfile_default --->
where credfile_default = os.path.expanduser("/.orionauth")
The default home directory permission and umask setting on some linux distributions is fairly relaxed and on these systems other than the use executing the python script maybe able to read the file(


ghost commented Nov 21, 2011

Closed by pull from d1b

@ghost ghost closed this Nov 21, 2011

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment