Bug#649384: gnash creates world-readable cookies under /tmp
invernomuto at paranoici.org
Sun Nov 20 20:12:10 UTC 2011
On Sun, 20 Nov 2011 15:39:36 +0100 Alexander Kurtz wrote:
> after watching videos on YouTube I found this in /tmp:
> $ ls -l /tmp/gnash*
> -rw-r--r-- 1 alexander alexander 329 Nov 20 15:22 /tmp/gnash-cookies.31032
I am a user of the gnash package and I am experiencing the same issue.
> Please note that the file is world-readable.
> Since gnash is installed per default and also starts playing as soon as
> flash content is detected, this can be a serious security/privacy issue
> on multi-user systems. Gnash should either use $HOME for storing cookies
> or create them with sane permissions (0600).
I would add the following consideration: why does gnash create cookies
I thought I managed to disable flash cookies long time ago with the
$ grep SOLSafeDir /etc/gnashrc
set SOLSafeDir /dev/null
but it seems that this option is not (or no longer?) enough to prevent
gnash from creating/storing cookies.
Could someone please tell me where is the option to disable cookies?
I think there should be one, but I seem to be unable to find it...
Thanks for your time!
New GnuPG key, see the transition document!
..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 836 bytes
Desc: not available
More information about the pkg-flash-devel