cckec / winetricks

Automatically exported from code.google.com/p/winetricks

winetricks saves steam login and password in world-readable files #42

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Install a Steam game with winetricks
2. Enter Steam login and password when prompted by winetricks
3.

What is the expected output? What do you see instead?

As part of the install process, Steam saves the login and password in
two files:

~/.cache/winetricks/steamconfig.pl
~/.cache/winetricks/steam_password.txt

These files are created with default permissions (typically 644),
but perms should be explicitly set to 600.

What version of the product are you using? On what operating system?

WINETRICKS_VERSION=20110417
Debian Sid

Please provide any additional information below.

Two versions of a patch attached. The first just sets the permissions.
The second also uses tr for rot-13 as a trivial barrier to accidentally
seeing the login & passwd (will NOT in any way protect against a root user who
deliberately wants to see the credentials... but they can get that from Steam's
data if they're determined to, anyway).

Original issue reported on code.google.com by craig.sa...@gmail.com on 22 Apr 2011 at 12:15

GoogleCodeExporter commented 8 years ago
I don't think obscuring is necessary, as viewing it requires explicit opening 
of the file anyway (which has a fairly obvious name and lives in a very 
non-obvious folder).

However, I do think we should obscure the text when it is actually entered.
This is easily doable with zenity... IIRC my initial patchset for Steam
actually did that, but it seems to have slipped out.

Original comment by YokoZar on 22 Apr 2011 at 10:19

GoogleCodeExporter commented 8 years ago
Committed the simple version, thanks!

(Does Steam itself use asterisks during entry? If so, we probably should, too.
Sorry I missed that.)

Original comment by daniel.r...@gmail.com on 24 Apr 2011 at 1:00
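
The permission fix discussed in this thread, sketched as an added shell example (not the attached patch and not winetricks' own code): it writes the credential file as 0600 from the moment it is created and lists any cache files still readable or writable by group or other. The function names `write_secret` and `audit_loose_files`, the temporary directory and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and sample values are hypothetical.

# Write a secret read from stdin to "$1" so that it is never accessible
# to group/other, not even between creation and a later chmod.
write_secret() {
    target=$1
    (
        umask 077                       # files created here get mode 0600
        # umask has no effect on a file that already exists, so tighten a
        # leftover 0644 file before any secret is written into it.
        if [ -e "$target" ]; then
            chmod 600 "$target" || exit 1
        fi
        cat > "$target"
    )
}

# Print every regular file under "$1" that group or other can read or write.
audit_loose_files() {
    find "$1" -type f \
        \( -perm -004 -o -perm -040 -o -perm -002 -o -perm -020 \) -print
}

# Demo in a throwaway directory standing in for ~/.cache/winetricks.
demo() {
    d=$(mktemp -d) || return 1
    # Constructed placeholder values, not real credentials.
    printf '%s\n' 'example-password' > "$d/steam_password.txt"
    chmod 644 "$d/steam_password.txt"   # the state the issue reports
    echo "loose before: $(audit_loose_files "$d")"
    printf '%s\n' 'example-password' | write_secret "$d/steam_password.txt"
    printf '%s\n' 'example-login' | write_secret "$d/steamconfig.pl"
    echo "loose after:  $(audit_loose_files "$d")"
    ls -l "$d"
    rm -rf "$d"
}
demo
```

Setting the umask before the file is created avoids the short window in which a file written first and chmod-ed afterwards is still readable at 644.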