devinus
commented
6 years ago This will need to be reported here: https://github.com/nanocurrency/raiblocks
We can upstream it once it's ready there.
Closed alexbakker closed 6 years ago
devinus
commented
6 years ago This will need to be reported here: https://github.com/nanocurrency/raiblocks
We can upstream it once it's ready there.
Wallet files in the "~/.config/Nano Desktop Wallet/backup" directory are stored with insecure permissions. Most systems have a default umask of 022 which results in 0644 as the default permissions of files. As a consequence, other users on the same system can read the contents of these files. Instead, it should only be readable by the owner of the file.
This is also an issue in the legacy desktop wallet. I reported it months ago in private. It was acknowledged, but never fixed.