From: David Paleino <dapal@debian.org>
Subject: make the preferences file owner-only readable
Forwarded: https://josm.openstreetmap.de/ticket/4667

---
 src/org/openstreetmap/josm/data/Preferences.java |   15 +++++++++++++++
 1 file changed, 15 insertions(+)

--- josm.orig/src/org/openstreetmap/josm/data/Preferences.java
+++ josm/src/org/openstreetmap/josm/data/Preferences.java
@@ -393,6 +393,14 @@ public class Preferences {
         File tmpFile = new File(prefFile + "_tmp");
         copyFile(tmpFile, prefFile);
         tmpFile.delete();
+
+        setCorrectPermissions();
+    }
+
+    public void setCorrectPermissions() throws IOException {
+        // Make it owner-only-readable.
+        // FIXME: newest versions will use JDK 1.6, it has set*() functions.
+        Runtime.getRuntime().exec("/bin/chmod 600 " + getPreferenceFile().getAbsolutePath());
     }
 
     /**
@@ -509,6 +517,13 @@ public class Preferences {
                 System.err.println(tr("Warning: Failed to initialize preferences.Failed to reset preference file to default: {0}", getPreferenceFile()));
             }
         }
+
+        try {
+            setCorrectPermissions();
+        }
+        catch (IOException e) {
+            e.printStackTrace();
+        }
     }
 
     public final void resetToDefault(){