Launchpadlib support in Ubuntu Developer Tools

Kees Cook kees at
Wed Jan 14 19:18:35 GMT 2009

On Wed, Jan 14, 2009 at 10:58:58AM -0800, Kees Cook wrote:
> On Wed, Jan 14, 2009 at 02:54:11PM +0000, Jonathan Davies wrote:
> > I've improved the error message so that it asks people to see the
> > manage-credentials manpage.
> Please make sure that the tool that creates the credentials stores them in
> a mode 0600 file.  The API examples[1] do not mention this, and I think
> it's an important bit of protection.
> While playing with lplib for security team work, I took this a step
> further and even make the directory unreadable.  e.g.:

er, I missed a rather important last line.  Re-paste:

    cachedir = os.path.expanduser('~/.launchpadlib/cache')
    if not os.path.exists(cachedir):

    credfile = os.path.expanduser('~/.launchpadlib/credentials')
        credentials = Credentials()
        launchpad = Launchpad(credentials, EDGE_SERVICE_ROOT, cachedir)
        launchpad = Launchpad.get_token_and_login(sys.argv[0], EDGE_SERVICE_ROOT, cachedir),"w",0600))

Kees Cook
Ubuntu Security Team

More information about the Ubuntu-motu mailing list