Make preferences file only readable by the owner

[dpaleino]

Hello,

I had a bug reported in Debian complaining about the world-readibility of ~/.josm/preferences , since it contains the plaintext password to OSM.

I'm attaching a patch, which will only work on the Linux platform (maybe also on MacOS X?), since it directly calls /bin/chmod. Maybe when JOSM will use 1.6 more portable methods could be used (see the comment).

[dpaleino]

chmod preferences file to 600

[Gubaer]

I'd rather not apply the patch and wait for the upcoming switch to Java6 and apply what you suggest in the patch comment. Not sure when this is going to happen, though, the schedule for switching to Java6 has been slipped twice in the past.

[jstein]

should someone join the ticket with
Ticket #4629 ?

Will the patch repair old profiles too?

[dpaleino]

#4629 is the same exact issue, but I don't see the reason why it's been closed. It's a bug, and it should be fixed. I'd say: join them, but keep the bug open.

As it currently is, the patch "repairs" old profiles too. But it works only on systems where "chmod" is available -- i.e. if running on Windows, it won't be fixed. That's why I'm suggesting to use an alternative method which uses Java6. But, for the moment being, this patch will fix the problem in all Linux environments.

Have a nice day,
David

[jstein]

Ticket #4629 has been marked as a duplicate of this ticket.

[stoecker]

Java6 is now possible to use for josm core.

[jttt]

In [4200/josm]:

Fix #4667 Make preferences file only readable by the owner