[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: address@hidden: security: url-cookies file stored world-readable, al
From: |
Glenn Morris |
Subject: |
Re: address@hidden: security: url-cookies file stored world-readable, allowing session hijacking] |
Date: |
Sat, 08 Dec 2007 20:38:09 -0500 |
User-agent: |
Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) |
> I just noticed that ~/.url/cookies was world-readable, and its parent
> directory was world-readable, exposing the cookies emacs held to the
> outside world, which allows for a session hijacking attack.
I can fix this. Should ~/.url be private, or just certain files within
it (cookies, history, what else)?