move server token file to private directory. -> JSON-57

Roker 6 years ago
parent 347a2d59eb
commit ebc5ea47fc

@ -323,6 +323,26 @@ The following issues are planned but not yet implemented.
Let's discuss different attack / threat scenarios. I don't know which are
realistic or possible, yet.
### General ideas / improvements
Currently the JSON Server Adapter writes its server token file in /tmp/,
a world-readable, world-writable but "sticky" (than means: user A cannot
delete files of user B) directory.
It would be a big security win and prevent many possible attacks when we
move that file into a directory that is only readable & writable by the
user (0700 access rights on Unix, on MS Windows there are similiar
concepts). The suggestion would be ~/.pEp/ which is already used by other
pEp software components.
So the server token file will move from /tmp/pEp-json-token-$USER into
$HOME/.pEp/json-token on UNIX/Linux/MacOS and
%LOCALAPPDATA%/pEp/json-token on MS Windows.
The JSON Server Adapter also checks whether .pEp has 0700 access rights
on unixoid systems.
### Attacker with the same user rights
If the attacker is able to run his malicious code with the same user
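Review bot: the permission check described in "The JSON Server Adapter also checks whether .pEp has 0700 access rights on unixoid systems" covers only the directory mode; the design text should also state that the token file itself is created with a restrictive mode (0600) regardless of the process umask, and that the directory is rejected when it is not owned by the current user, since a 0700 directory owned by someone else gives no protection. The Windows branch (`%LOCALAPPDATA%/pEp/json-token`) names no equivalent ACL check, so it reads as untreated; either state the check or note it as open. Minor: "similiar" should be "similar" and "than means" should be "that means".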