On Sun, 20 Nov 2011 15:39:36 +0100 Alexander Kurtz wrote: [...] > Hi, > > after watching videos on YouTube I found this in /tmp: > > $ ls -l /tmp/gnash* > -rw-r--r-- 1 alexander alexander 329 Nov 20 15:22 /tmp/gnash-cookies.31032 > $ Hi! I am a user of the gnash package and I am experiencing the same issue. > > Please note that the file is world-readable. [...] > Since gnash is installed per default and also starts playing as soon as > flash content is detected, this can be a serious security/privacy issue > on multi-user systems. Gnash should either use $HOME for storing cookies > or create them with sane permissions (0600). I would add the following consideration: why does gnash create cookies at all? I thought I managed to disable flash cookies long time ago with the following setting: $ grep SOLSafeDir /etc/gnashrc set SOLSafeDir /dev/null but it seems that this option is not (or no longer?) enough to prevent gnash from creating/storing cookies. Could someone please tell me where is the option to disable cookies? I think there should be one, but I seem to be unable to find it... Thanks for your time! -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Attachment:
pgpFpM338U6JR.pgp
Description: PGP signature