A Couple of Thunderbird Questions

Daniel Robitaille robitaille at gmail.com
Wed May 4 08:02:58 UTC 2005


On Wed, 2005-04-05 at 08:41 +0100, Magnus Therning wrote:
> Hmmm, I do wonder if that's the reason. I mean '*.default' would find
> the directory in question. The evil attacker could also simply ready
> ~/.mozilla/firefox/profiles.ini to find out where the configuration is
> located. 

I cannot judge if it actually works to have a random path, but a
security argument is the reason that is usually given for the use of a
randomly-generated profile path for your mozilla profile.   See for
example:
http://ilias.ca/mozilla/profilefaq/#SLT


"3. What's the SLT directory, and why is it there?
Within your profile folder, there is a folder with 8 random characters
followed by the extension "slt", which contains all of your profile
data. This is referred to as a salted directory. When you first create
your profile, the salted directory is created with a randomly generated
name. Mozilla does this as a security measure to prevent outsiders from
being able to predict the file paths of your profile information."


-- 
Daniel Robitaille
 GPG: http://robitaille.fastmail.fm/pubkey.asc (0x5C19F466)
 IM Jabber: robitaille at jabber.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050504/2649d48f/attachment.sig>


More information about the ubuntu-users mailing list