[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] [patch] add access checks for monotonerc
|
From: |
Matt Johnston |
|
Subject: |
Re: [Monotone-devel] [patch] add access checks for monotonerc |
|
Date: |
Sat, 3 Feb 2007 22:46:51 +0900 |
|
User-agent: |
Mutt/1.5.13 (2006-08-11) |
On Sat, Feb 03, 2007 at 12:33:04AM -0800, Nathaniel J. Smith wrote:
> On Fri, Feb 02, 2007 at 07:59:23PM -0800, Eric Christopher wrote:
> > Since users could be storing something silly like a passphrase in
> > their monotonerc we should probably check to make sure it isn't
> > readable/writable by everyone else as well. Here's a quick patch to do
> > that. The downside is that we need to fix the rc file in a bunch of
> > the monotone testcases as well. That isn't in the patch :)
>
> Makes sense, I guess. Might annoy some people, since only some people
> put passphrases into monotonerc, but we can see what users think...
Personally I'm not sure this is a good idea. On multi-user
systems, I usually make a point of keeping standard dot
files (.muttrc, .pwm/*, .zshrc, .ssh/config etc)
world-readable, as it's a useful way of teaching people how
to use less-known program features.
Maybe changing the std_hooks file to look for passwords in
~/.monotone/passwords, and ensuring appropriate permissions
on that file (and keys themselves) would be better?
Matt