https://bugs.kde.org/show_bug.cgi?id=358593

Tomas Hoger <tho...@pobox.sk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tho...@pobox.sk

--- Comment #4 from Tomas Hoger <tho...@pobox.sk> ---
Ain't this fix racy?  The file is first created as world readable, and later
chmod-ed to expected permissions, leaving a (small) window during which the
file can be opened by anyone.

Also this looks like a symptom of a larger problem.  Previously, the xauth file
was stored in the /tmp/kde-$username directory with safe permissions (700):

https://userbase.kde.org/KDE_System_Administration/KDE_Filesystem_Hierarchy#Temporary_Files

That directory does not seem to be created any more.  Other programs that
previously created temporary files with world-readable permissions inside the
safe directory may also be affected if they now use /tmp directly instead.

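The race raised in comment #4, as an added example (not the KDE patch or any KDE code): it compares the mode a file has at the moment of creation under create-then-chmod with creating it as 0600 inside a fresh 0700 directory. The function names, the `/tmp/xauth-demo-XXXXXX` template and the umask of 022 are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, hypothetical names. Racy pattern: create with a permissive
 * mode, tighten afterwards. *seen is the mode visible before fchmod runs. */
static int create_then_chmod(const char *path, mode_t *seen) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0) *seen = st.st_mode & 0777; /* race window is here */
    if (fchmod(fd, 0600) != 0) { close(fd); return -1; }
    return fd;
}

/* Race-free pattern: the file never exists with a mode wider than 0600.
 * O_EXCL refuses a pre-created file; O_NOFOLLOW refuses a planted symlink. */
static int create_private(const char *path, mode_t *seen) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0) *seen = st.st_mode & 0777;
    return fd;
}

/* Creates a file in a fresh 0700 directory (mkdtemp) and returns the mode it
 * had at creation time, or -1 on error. safe=0 is racy, safe=1 is race-free. */
int mode_at_creation(int safe) {
    char dir[] = "/tmp/xauth-demo-XXXXXX";   /* constructed name */
    char path[64];
    mode_t seen = 0, old = umask(022);       /* assumed typical default umask */
    int fd = -1;
    if (mkdtemp(dir) != NULL) {
        snprintf(path, sizeof path, "%s/xauth", dir);
        fd = safe ? create_private(path, &seen) : create_then_chmod(path, &seen);
        if (fd >= 0) { close(fd); unlink(path); }
        rmdir(dir);
    }
    umask(old);
    return fd < 0 ? -1 : (int)seen;
}

int main(void) {
    printf("racy %04o, private %04o\n", (unsigned)mode_at_creation(0), (unsigned)mode_at_creation(1));
    return 0;
}
```

Because the requested mode is only ever narrowed by the umask, the second pattern cannot produce a file wider than 0600 regardless of the caller's umask.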