Comment 13 for bug 1910298

Ian Johnson (anonymouse67) wrote : Re: .cache and .config directories in ~/snap/ should be o0700

After discussion with the security team, we decided that a CVE is relevant for this bug, but that it doesn't need to be private, so I've set it as public.

I also discussed the idea of having snapd set the permissions for users' ~/snap directories to 0700, and it was generally agreed that was a good idea, so long as it is done with adequate frequency; the fix should probably be done by snapd or snapd's userd on every startup to account for the fact that some users might not use snaps frequently (and thus a solution that I proposed by having `snap run` do the fix) and they should still be protected.
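
A check for the condition discussed in the comment above, as an added example that is not snapd's code and not part of the original comment: it detects a `~/snap` directory that grants any group or other access and tightens it to 0700. The function names `is_exposed` and `tighten_snap_dir` are hypothetical, and the refusal to touch a symlinked `snap` path is an assumption made for this example.

```shell
#!/bin/sh
# Added example (not snapd code): audit and tighten one user's ~/snap directory.
# Assumption: snap user data lives in "<home>/snap".

# Succeeds when $1 is a real directory (not a symlink) that grants any
# group or other permission bit. find does not follow the symlink, so a
# symlinked path fails -type d and is reported as not exposed.
is_exposed() {
    [ -n "$(find "$1" -prune -type d \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)" ]
}

# Tighten <home>/snap to 0700.
# Returns 0 when the directory is absent, already private, or fixed;
# 1 when chmod fails; 2 when the path is a symlink, which is skipped
# because chmod would change the link target instead.
tighten_snap_dir() {
    snap_dir="$1/snap"
    if [ -L "$snap_dir" ]; then
        echo "skip: $snap_dir is a symlink" >&2
        return 2
    fi
    [ -d "$snap_dir" ] || return 0
    if is_exposed "$snap_dir"; then
        chmod 0700 "$snap_dir" || return 1
        echo "fixed: $snap_dir"
    fi
    return 0
}

# Stand-alone use: pass a home directory, e.g.  sh snap-perms.sh "$HOME"
[ $# -eq 0 ] || tighten_snap_dir "$1"
```

Running it from a login or session-start hook covers users who rarely invoke a snap, which is the frequency concern raised in the comment.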