FS#291 - World-readable and writable cookie jar

Attached to Project: Uzbl
Opened by Luca Bruno (kaeso) - 2012-02-11 01:11:03 PM
Last edited by Brendan Taylor (bct) - 2012-07-23 11:49:28 PM
Task Type Bug Report
Category uzbl-core
Status Closed
Assigned To No-one
Operating System All
Severity Critical
Priority Normal
Reported Version Development
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


From Debian bugtracker:

> $ ls -ld ~/.local/{,share/{,uzbl/{,cookies.txt}}}
> drwxr-xr-x 3 user users 4096 Feb 9 23:29 /home/user/.local/
> drwxr-xr-x 4 user users 4096 Feb 9 23:29 /home/user/.local/share/
> drwxr-xr-x 2 user users 4096 Feb 9 23:29 /home/user/.local/share/uzbl/
> -rw-rw-rw- 1 user users 732 Feb 9 23:29 /home/user/.local/share/uzbl/cookies.txt
>This allows local users to steal cookies (and tamper with them).

This has been reported as Debian bug #659379:

A CVE request is currently pending and a CVE id should be issued soon:
This task depends upon

Closed by  Brendan Taylor (bct)
2012-07-23 11:49:28 PM
Reason for closing:  Fixed
Additional comments about closing:  this was fixed in the may release
Comment by Luca Bruno (kaeso) - 2012-02-12 06:07:06 PM
In the meanwhile, this has been assigned CVE-2012-0843.
I cooked a quick patch for cookie plugin handler, for which a pull request is pending:

I'd be glad if you could be please review and fix.
I'm going to upload this in a couple of days, if no objections.
Comment by Brendan Taylor (bct) - 2012-02-12 07:54:06 PM
Merged into master. Thanks for discovering & fixing this.
Comment by Brendan Taylor (bct) - 2012-02-12 07:54:46 PM
(I'm planning to do a release at the end of the day, btw.)