Bug 351611

Summary: Full screen screenchot stored in /tmp
Product: [Unmaintained] ksnapshot Reporter: Antonio Rojas <arojas>
Component: kscreengenieAssignee: Boudhayan Gupta <me>
Status: RESOLVED FIXED    
Severity: normal    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: http://commits.kde.org/kscreengenie/090fe46ca8d788d6a01a83ccdc5b76fd0d64304b Version Fixed In:
Sentry Crash Report:

Description Antonio Rojas 2015-08-22 12:32:41 UTC 
When starting kscreengenie, a full screen screenshot is immediately stored in /tmp with read permissions for every user of the system. This is a serious privacy issue IMO.

Reproducible: Always

Steps to Reproduce:
1.Launch kscreengenie
2.Check /tmp

Actual Results:  
A world-readable screenshot of the entire screen is stored
Comment 1 Boudhayan Gupta 2015-08-22 12:54:50 UTC 
I'm going to mitigate this for now by making it only user-readable, but the correct thing to do would be to drop support for KIPI so that I don't have to save a temp file anywhere. Before I drop KIPI support though I'll have to build a replacement.
Comment 2 Boudhayan Gupta 2015-08-22 13:19:31 UTC 
Git commit 090fe46ca8d788d6a01a83ccdc5b76fd0d64304b by Boudhayan Gupta.
Committed on 22/08/2015 at 13:18.
Pushed by bgupta into branch 'master'.

Change permissions on temporary save to be user-read/writeable only

M  +10   -3    src/KSCore.cpp

http://commits.kde.org/kscreengenie/090fe46ca8d788d6a01a83ccdc5b76fd0d64304b