Bug 17308

Summary: world-readable history: ~/.xine/xine-ui_old_playlist.tox
Product: Branch 4.0 Reporter: Ivan Zakharyaschev <imz>
Component: xine-uiAssignee: Nobody's working on this, feel free to take it <nobody>
Status: CLOSED WONTFIX QA Contact: Q.A. 4.0 <qa-4.0>
Severity: normal    
Priority: P2    
Version: 4.0   
Hardware: all   
OS: Linux   
Bug Depends on:    
Bug Blocks: 17310    

Description Ivan Zakharyaschev 2008-09-24 01:22:35 MSD 
xine-ui-0.99.5-alt2 from Lite 4.0.3

I assume the conventional policy towards history files is not to make them world-readable. (Example: ~/.bash_history is not
world-readable.)

But the file ~/.xine/xine-ui_old_playlist.tox which tracks the last played item is made world-readable:

$ l .xine/xine-ui_old_playlist.tox 
-rw-r--r-- 1 imz imz 107 Сен 24 01:13 .xine/xine-ui_old_playlist.tox
$ 

Proof that it stores bits of history:

$ cat .xine/xine-ui_old_playlist.tox 
# toxine playlist

entry {
	identifier = /WIN/Exped/mvi_0641.avi;
	mrl = /WIN/Exped/mvi_0641.avi;
};
# END
$ 

Expected: it isn't world-readable. Good example: ~/.mc/history is not world-readable:

$ l .mc
итого 28
drwx------ 28 imz imz 4096 Сен 23 23:15 ../
drwxr-xr-x  3 imz imz 4096 Сен 23 22:56 ./
-rw-r--r--  1 imz imz  353 Сен 23 22:56 filepos
-rw-------  1 imz imz  521 Сен 23 22:56 history
-rw-r--r--  1 imz imz 3433 Сен 23 22:56 ini
-rw-r--r--  1 imz imz   35 Сен 23 22:56 Tree
drwx------  2 imz imz 4096 Авг  1 19:24 cedit/
$
Comment 1 Ivan Zakharyaschev 2008-09-24 01:24:23 MSD 
Workaround: chmod go-r .xine/xine-ui_old_playlist.tox , the changed permissions are kept after that.
Comment 2 Michael Shigorin 2014-11-05 20:16:41 MSK 
В 4.0/branch исправления не будут вноситься уже технически (заглушена очередь на сборку), поэтому прошу ошибки, актуальные для sisyphus/p7/t7, перевесить на текущие ветки или сизиф.