From 25f478a1211e5a20463ddf664412b6a371785546 Mon Sep 17 00:00:00 2001
From: Will Robertson <6219869+aliask@users.noreply.github.com>
Date: Sun, 19 May 2024 17:04:03 +1000
Subject: [PATCH 1/2] Set clipboard history file permisions to 600

The default permissions on file creation leaves it open to be read by anyone, which is probably not wanted as this likely contains sensitive info.
---
 clipboard/src/plugin.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/clipboard/src/plugin.cpp b/clipboard/src/plugin.cpp
index aa7f9d58..c9f56b74 100644
--- a/clipboard/src/plugin.cpp
+++ b/clipboard/src/plugin.cpp
@@ -75,9 +75,13 @@ Plugin::~Plugin()
 }
 
 QFile file(dataDir().filePath(HISTORY_FILE_NAME));
+
+ if (!file.setPermissions(QFile::ReadOwner | QFile::WriteOwner))
+ WARN << "Failed setting permissions on clipboard history.";
+
 if (file.open(QIODevice::WriteOnly))
 {
- DEBG << "Wrinting clipboard history to" << file.fileName();
+ DEBG << "Writing clipboard history to" << file.fileName();
 file.write(QJsonDocument(array).toJson());
 file.close();
 }

From 77078dcc58fbbbde2183e85f1d915deb81769cc1 Mon Sep 17 00:00:00 2001
From: Will Robertson <6219869+aliask@users.noreply.github.com>
Date: Sun, 19 May 2024 18:43:34 +1000
Subject: [PATCH 2/2] Set permissions after file is created

---
 clipboard/src/plugin.cpp | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/clipboard/src/plugin.cpp b/clipboard/src/plugin.cpp
index c9f56b74..aecfbc8d 100644
--- a/clipboard/src/plugin.cpp
+++ b/clipboard/src/plugin.cpp
@@ -76,11 +76,10 @@ Plugin::~Plugin()
 
 QFile file(dataDir().filePath(HISTORY_FILE_NAME));
 
- if (!file.setPermissions(QFile::ReadOwner | QFile::WriteOwner))
- WARN << "Failed setting permissions on clipboard history.";
-
 if (file.open(QIODevice::WriteOnly))
 {
+ if (!file.setPermissions(QFile::ReadOwner | QFile::WriteOwner))
+ WARN << "Failed setting permissions on clipboard history.";
 DEBG << "Writing clipboard history to" << file.fileName();
 file.write(QJsonDocument(array).toJson());
 file.close();
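Review bot: A newly created history file still exists with the process's default (umask-derived) mode between `file.open(QIODevice::WriteOnly)` and the `setPermissions` call inside the block, and a descriptor opened by another local user in that window stays valid after the mode is tightened, so the history written afterwards is still exposed to it. If the project's minimum Qt is 6.3 or later, the file can be created restricted in the first place with `if (file.open(QIODevice::WriteOnly, QFile::ReadOwner | QFile::WriteOwner))`, keeping the `setPermissions` call for files left over from earlier versions. When `setPermissions` fails the history is written anyway; consider skipping the write in that case, and include `file.fileName()` and `file.errorString()` in the warning so the failure can be diagnosed. The destructor begins before this hunk and its closing lines are outside it.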