`data.json` uses mode 666 on linux
Steps To Reproduce
- Clear user data with `rm -r ~/.config/Bitwarden`
- Open Bitwarden AppImage and login
- Observe access mode with `stat ~/.config/Bitwarden/data.json`
Expected Result
`~/.config/Bitwarden/data.json` should have access mode `0600/-rw-------`.
Actual Result
`~/.config/Bitwarden/data.json` has access mode `0666/-rw-rw-rw-`. If the mode is manually changed to 600 with `chmod 600 ~/.config/Bitwarden/data.json`, the application will change it back to 666.
Screenshots or Videos
No response
Additional Context
I have also witnessed briefly a temporary file of the form `data.json.tmp-xxxxxxxxxxxxxxxx` with access mode `0644/-rw-r--r--` on application launch.
There are also some symbolic links `SingletonCookie`, `SingletonLock`, and `SingletonSocket` that have mode `0777/lrwxrwxrwx` that exist as long as the application is open; one of these appears to store a sensitive variable, and symlinks cannot have access mode other than 777.
Operating System
Linux
Operating System Version
openSUSE Tumbleweed x86_64 20240423; kernel 6.8.7-1-default; KDE Plasma 6.0.4
Installation method
Direct Download (from bitwarden.com)
Build Version
2024.4.1
Issue Tracking Info
- [X] I understand that work is tracked outside of GitHub. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
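
An added check for the condition reported above (not part of the original issue and not Bitwarden's code): a POSIX shell audit that lists regular files under a data directory with any group or other permission bit set. The function names and the fixture built by `make_sample_dir` are constructed for illustration; `find -perm /077` and `stat -c` assume GNU findutils and coreutils, as on the reporter's Linux system.

```shell
#!/bin/sh
# Added example (not Bitwarden code): flag files in a per-user data directory
# that grant any permission to group or other.

# list_exposed DIR: print "MODE PATH" for each regular file under DIR with any
# group/other bit set. Symlinks are skipped (-type f): on Linux their own mode
# is always 0777 and access is governed by the target and parent directories.
list_exposed() {
    [ -d "$1" ] || return 0
    find "$1" -type f -perm /077 -exec stat -c '%a %n' {} +
}

# count_exposed DIR: number of exposed regular files under DIR.
count_exposed() {
    list_exposed "$1" | wc -l | tr -d ' '
}

# dir_is_private DIR: succeeds when DIR itself grants nothing to group/other,
# in which case other users cannot traverse into it to open the files inside.
dir_is_private() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# make_sample_dir: constructed fixture reproducing the modes from the report.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    chmod 755 "$d"
    : > "$d/data.json"
    chmod 666 "$d/data.json"
    : > "$d/data.json.tmp-constructed"
    chmod 644 "$d/data.json.tmp-constructed"
    : > "$d/private.json"
    chmod 600 "$d/private.json"
    ln -s "constructed-target" "$d/SingletonLock"
    printf '%s\n' "$d"
}

# Audit the directory given as $1, defaulting to the path from the report.
target=${1:-${HOME:-}/.config/Bitwarden}
if [ -d "$target" ]; then
    dir_is_private "$target" || echo "note: $target is accessible to group/other"
    list_exposed "$target"
fi
```

Run it repeatedly while the application is open to see whether a manual `chmod 600` is being reverted, as the report describes.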
Hello @exincore,
Thank you for this report. Just to make sure that you and I are on the same page, how did you install that Bitwarden desktop client?
To be clear, we have captured this matter internally with regard to the .AppImage release, and we received a similar report about the Export function here.
Thank you in advance,
I downloaded the latest AppImage from https://bitwarden.com/download and moved it to `~/bin/Bitwarden-2024.4.1-x86_84.AppImage`.
Launching the application by executing `Bitwarden-2024.4.1-x86_84.AppImage` in a shell will cause this issue.
Also, I have the daemon `appimaged` which automatically generates this desktop file `~/.local/share/applications/appimagekit_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-bitwarden.desktop`; launching the application with this desktop file leads to the same result:
```ini
[Desktop Entry]
Name=Bitwarden
Exec=/home/exin/bin/Bitwarden-2024.4.1-x86_64.AppImage
Terminal=false
Type=Application
Icon=appimagekit_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_bitwarden
StartupWMClass=Bitwarden
X-AppImage-Version=2024.4.1
GenericName=Password Manager
Comment=A secure and free password manager for all of your devices.
MimeType=x-scheme-handler/bitwarden;
Categories=Utility;
TryExec=/home/exin/bin/Bitwarden-2024.4.1-x86_64.AppImage
X-AppImage-Comment=Generated by appimaged 10
X-AppImage-Identifier=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```
Hi @exincore,
Thank you. Yes, this matter has already been captured internally, and we're looking into it; I will leave this external GitHub report open for visibility for the time being.
Thank you again,