A Couple of Thunderbird Questions
Daniel Robitaille
robitaille at gmail.com
Wed May 4 08:02:58 UTC 2005
On Wed, 2005-04-05 at 08:41 +0100, Magnus Therning wrote:
> Hmmm, I do wonder if that's the reason. I mean '*.default' would find
> the directory in question. The evil attacker could also simply ready
> ~/.mozilla/firefox/profiles.ini to find out where the configuration is
> located.
I cannot judge if it actually works to have a random path, but a
security argument is the reason that is usually given for the use of a
randomly-generated profile path for your mozilla profile. See for
example:
http://ilias.ca/mozilla/profilefaq/#SLT
"3. What's the SLT directory, and why is it there?
Within your profile folder, there is a folder with 8 random characters
followed by the extension "slt", which contains all of your profile
data. This is referred to as a salted directory. When you first create
your profile, the salted directory is created with a randomly generated
name. Mozilla does this as a security measure to prevent outsiders from
being able to predict the file paths of your profile information."
--
Daniel Robitaille
GPG: http://robitaille.fastmail.fm/pubkey.asc (0x5C19F466)
IM Jabber: robitaille at jabber.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050504/2649d48f/attachment.sig>
More information about the ubuntu-users
mailing list