Opened 10 years ago

Closed 8 years ago

#4667 closed defect (fixed)

Make preferences file only readable by the owner

Reported by: dpaleino
Owned by: team
Priority: normal
Milestone:
Component: Core
Version:
Keywords: java6
Cc:

Description

Hello,

I had a bug reported in Debian complaining about the world-readability of ~/.josm/preferences, since it contains the plaintext password to OSM.

I'm attaching a patch, which will only work on the Linux platform (maybe also on MacOS X?), since it directly calls /bin/chmod. Maybe when JOSM uses 1.6, more portable methods could be used (see the comment).

Attachments (1)

preferences_chmod_600.patch (1.3 KB) - added by dpaleino 10 years ago.
chmod preferences file to 600

Change History (7)

Changed 10 years ago by dpaleino

Attachment: preferences_chmod_600.patch added

chmod preferences file to 600

comment:1 Changed 10 years ago by Gubaer

Keywords: java6 added
Summary: Make preferences file only readable by the owner → PATCH: Make preferences file only readable by the owner

I'd rather not apply the patch and wait for the upcoming switch to Java6 and apply what you suggest in the patch comment. Not sure when this is going to happen, though; the schedule for switching to Java6 has slipped twice in the past.

comment:2 Changed 9 years ago by jstein

Should someone join the ticket with ticket #4629?

Will the patch repair old profiles too?

comment:3 Changed 9 years ago by dpaleino

#4629 is the same exact issue, but I don't see the reason why it's been closed. It's a bug, and it should be fixed. I'd say: join them, but keep the bug open.

As it currently is, the patch "repairs" old profiles too. But it works only on systems where "chmod" is available -- i.e. if running on Windows, it won't be fixed. That's why I'm suggesting to use an alternative method which uses Java6. But, for the time being, this patch will fix the problem in all Linux environments.

Have a nice day,
David

comment:4 Changed 9 years ago by jstein

Ticket #4629 has been marked as a duplicate of this ticket.

comment:5 Changed 9 years ago by stoecker

Summary: PATCH: Make preferences file only readable by the owner → Make preferences file only readable by the owner

Java6 is now possible to use for josm core.

comment:6 Changed 8 years ago by jttt

Resolution: fixed
Status: new → closed

In [4200/josm]:

Fix #4667 Make preferences file only readable by the owner
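
The comments above contrast calling /bin/chmod with a portable Java 6 approach. The following is an added example, not the attached patch and not the JOSM commit: it assumes the "more portable methods" are the `java.io.File` permission setters introduced in Java 6, and the class name, sample key and sample value are hypothetical.

```java
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.Writer;

public class OwnerOnlyPrefs {

    /**
     * Restrict a file to owner read/write (the equivalent of chmod 600) using
     * the java.io.File setters added in Java 6. Returns false if the platform
     * or file system refused any change, e.g. on Windows, where read permission
     * cannot be revoked through this API.
     */
    static boolean restrictToOwner(File f) {
        // Revoke each permission for everybody, then grant it back to the owner only.
        // '&=' on booleans does not short-circuit, so every call is attempted.
        boolean ok = f.setReadable(false, false);
        ok &= f.setWritable(false, false);
        ok &= f.setExecutable(false, false);
        ok &= f.setReadable(true, true);
        ok &= f.setWritable(true, true);
        return ok;
    }

    /** Save preferences so the secret is only written after permissions are tightened. */
    static void save(File prefs, String content) throws IOException {
        // No-op for an existing (old) profile, which is then repaired below.
        prefs.createNewFile();
        if (!restrictToOwner(prefs)) {
            System.err.println("Warning: could not restrict permissions on " + prefs);
        }
        Writer w = new FileWriter(prefs); // truncates; the file keeps its permissions
        try {
            w.write(content);
        } finally {
            w.close();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for ~/.josm/preferences with a constructed entry.
        File prefs = File.createTempFile("preferences", null);
        save(prefs, "example.password=constructed-sample-value\n");
        System.out.println(prefs + " restricted: " + restrictToOwner(prefs));
        prefs.delete();
    }
}
```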
