Profile private keys on linux are world readable

Both the profilekeys directory and the files within it (which contain the private key and currently active public key) are created as world readable on linux:

 

nbastin@tr-work:~/.minecraft/profilekeys$ getfacl f9531e88-4354-4b4f-86e9-c2dbd87e9de2.json 
# file: f9531e88-4354-4b4f-86e9-c2dbd87e9de2.json
# owner: nbastin
# group: nbastin
user::rw-
group::rw-
other::r--

 

Both the directory and the files should be created as 0600 (or better using facls on filesystems that have that support).