Launchpadlib support in Ubuntu Developer Tools

Kees Cook kees at
Wed Jan 14 18:58:58 GMT 2009

On Wed, Jan 14, 2009 at 02:54:11PM +0000, Jonathan Davies wrote:
> I've improved the error message so that it asks people to see the
> manage-credentials manpage.

Please make sure that the tool that creates the credentials stores them in
a mode 0600 file.  The API examples[1] do not mention this, and I think
it's an important bit of protection.

While playing with lplib for security team work, I took this a step
further and even make the directory unreadable.  e.g.:

    cachedir = os.path.expanduser('~/.launchpadlib/cache')
    if not os.path.exists(cachedir):

    credfile = os.path.expanduser('~/.launchpadlib/credentials')
        credentials = Credentials()
        launchpad = Launchpad(credentials, EDGE_SERVICE_ROOT, cachedir)
        launchpad = Launchpad.get_token_and_login(sys.argv[0], EDGE_SERVICE_ROOT, cachedir)



Kees Cook
Ubuntu Security Team

More information about the ubuntu-devel mailing list