[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] [patch] add access checks for monotonerc
|
From: |
Nathaniel J. Smith |
|
Subject: |
Re: [Monotone-devel] [patch] add access checks for monotonerc |
|
Date: |
Sat, 3 Feb 2007 00:33:04 -0800 |
|
User-agent: |
Mutt/1.2.5.1i |
On Fri, Feb 02, 2007 at 07:59:23PM -0800, Eric Christopher wrote:
> Since users could be storing something silly like a passphrase in
> their monotonerc we should probably check to make sure it isn't
> readable/writable by everyone else as well. Here's a quick patch to do
> that. The downside is that we need to fix the rc file in a bunch of
> the monotone testcases as well. That isn't in the patch :)
Makes sense, I guess. Might annoy some people, since only some people
put passphrases into monotonerc, but we can see what users think...
How well does this code compile/run on windows?
We might want to factor out this check into its own function (in
platform.hh, if there are in fact win32 problems), so that we can
re-use it -- the other use case I can think of is that we should
probably do the same check on private key files in .monotone/keys/.
(In fact, monotonerc's only sometimes need privacy, but private keys
are always sensitive...)
-- Nathaniel