[PR #1650] [MERGED] fix: credential file shouldn't be world readable #1475

New issue

Closed

opened 2026-02-27 20:02:35 +03:00 by kerem · 0 comments

kerem commented

2026-02-27 20:02:35 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/librespot-org/librespot/pull/1650
Author: @eladyn
Created: 11/23/2025
Status: ✅ Merged
Merged: 12/24/2025
Merged by: @photovoltex

Base: dev ← Head: credential_file_perms

📝 Commits (2)

38df9bd fix: credential file shouldn't be world readable
98d73fe fix whitespace

📊 Changes

1 file changed (+19 additions, -8 deletions)

View changed files

📝 core/src/cache.rs (+19 -8)

📄 Description

As has been raised in https://github.com/Spotifyd/spotifyd/issues/1349 some time ago, the credential files in cache should probably not be world readable, as this allows for example other users on a multi-user system to use the Spotify account of another user.

This changes the default permissions for the file and suggests changing the permissions, if the file is world readable. One could of course just change the permissions instead of asking the user to do it, but this might be a little intrusive. If you think that the permissions should also be changed on other files / directories, let me know.

Note that this only works on Unix systems, I don't know anything about how Windows handles permissions, so didn't change anything there.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/librespot-org/librespot/pull/1650 **Author:** [@eladyn](https://github.com/eladyn) **Created:** 11/23/2025 **Status:** ✅ Merged **Merged:** 12/24/2025 **Merged by:** [@photovoltex](https://github.com/photovoltex) **Base:** `dev` ← **Head:** `credential_file_perms` --- ### 📝 Commits (2) - [`38df9bd`](https://github.com/librespot-org/librespot/commit/38df9bd46c26d7260668f8cf50dfb363e6c3efd6) fix: credential file shouldn't be world readable - [`98d73fe`](https://github.com/librespot-org/librespot/commit/98d73fe5702a2089e47491c55c81e60332cc265a) fix whitespace ### 📊 Changes **1 file changed** (+19 additions, -8 deletions) <details> <summary>View changed files</summary> 📝 `core/src/cache.rs` (+19 -8) </details> ### 📄 Description As has been raised in https://github.com/Spotifyd/spotifyd/issues/1349 some time ago, the credential files in cache should probably not be world readable, as this allows for example other users on a multi-user system to use the Spotify account of another user. This changes the default permissions for the file and suggests changing the permissions, if the file is world readable. One could of course just change the permissions instead of asking the user to do it, but this might be a little intrusive. If you think that the permissions should also be changed on other files / directories, let me know. Note that this only works on Unix systems, I don't know anything about how Windows handles permissions, so didn't change anything there. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

kerem

2026-02-27 20:02:35 +03:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/librespot#1475

No description provided.

Rows
Columns