J. Brad Hicks (bradhicks) wrote in logjam,
J. Brad Hicks
bradhicks
logjam

~/.logjam unhappiness

I had occasion this morning to manually edit my ~/.logjam/conf.xml preference file. I'm not especially happy about having had to edit it manually, but that was the only way I could get LogJam 4.4.0 to save my default font size for the editor window. I kept setting it to FreeSans 11, and it kept setting itself back to FreeSans 10.

While doing so, I browsed the various other conf.xml files I found, and found something really, really disturbing. I was not expecting to find that my journal's password was saved to clear text. I was even more so not expecting to find the permissions on that file, and every other file inside the .logjam folder, defaulted to 666. The directory itself and all the subdirectories were correctly set to 700, but any user on the same machine who knew my LJ name and who used LogJam themselves could deduce the directory path and open, view, and edit every file in there. I consider that a pretty big bug.
Subscribe
  • Post a new comment

    Error

    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 8 comments