(*** This bug was imported into bugs.kde.org ***) Package: kscd Version: kscd: 1.3.3 (using KDE 3.0.7 CVS/CVSup/Snapshot) Severity: normal Installed from: Compiled sources Compiler: Not Specified OS: Linux OS/Compiler notes: mandrake cooker but the bug is long standing cddb files are put in /usr/share/apps/kscd/cddb/... and they are world writable. As /usr is not normally for variable files they don't belong here there place should be somewhere under /var/lib/... as many sysadmin mount /usr as a read-only partition. world writable files are also seen as a security threat by checkers such as msec. A cddbusers group should exist or files could be owned and writable by the "user" group but not by anybody. (Submitted via bugs.kde.org)
the path can be set in the configuration dialog, and defaults to the KDE install prefix, as all KDE apps do. this is not a bug, and it is easy for users to change. as to the security issue of world writable files: if you can show me actual security problem, then i'd do something about it. otherwise, this is a non-issue and can be handled by integrators if so desired...