Improve patch to chmod existing accounts.xml file
authorJulien Valroff <julien@kirya.net>
Sun, 23 May 2010 12:05:01 +0000 (14:05 +0200)
committerJulien Valroff <julien@kirya.net>
Sun, 23 May 2010 12:05:01 +0000 (14:05 +0200)
debian/patches/001_sec-accounts-file.diff

index 46f14a4..9b152e2 100644 (file)
@@ -3,9 +3,19 @@ Author: Julien Valroff <julien@kirya.net>
 Bug: http://code.google.com/p/pino-twitter/issues/detail?id=48
 Forwarded: yes
 
---- pino.orig/src/accounts.vala        2010-05-23 13:14:44.000000000 +0200
-+++ pino/src/accounts.vala     2010-05-23 13:16:39.000000000 +0200
-@@ -106,7 +106,7 @@
+Index: pino/src/accounts.vala
+===================================================================
+--- pino.orig/src/accounts.vala        2010-05-23 13:35:27.000000000 +0200
++++ pino/src/accounts.vala     2010-05-23 14:04:32.000000000 +0200
+@@ -21,6 +21,7 @@
+ using Xml;
+ using Gee;
++using GLib;
+ namespace Auth {
+@@ -106,9 +107,14 @@
                var acc_file = File.new_for_path(acc_file_path);
                
                if(!acc_file.query_exists(null)) {
@@ -13,4 +23,11 @@ Forwarded: yes
 +                      var acc_stream = acc_file.create(FileCreateFlags.PRIVATE, null);
                        is_new = true;
                        return;
++              } else {
++                      // If accounts.xml already exists, make sure it is only readable by its owner
++                      // as it contains the credentials in clear text
++                      GLib.FileUtils(acc_file,0600);
++                      return;
                }
+               
+               //reading content