Bug 383144

Summary: Notification pictures get stored on /tmp
Product: [Applications] kdeconnect
Reporter: Aleix Pol <aleixpol>
Component: common
Assignee: Albert Vaca Cintora <albertvaka>
Status: RESOLVED FIXED
Severity: normal
CC: bugs.kde.org, kishore96, nicolas.fella
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Other
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description Aleix Pol 2017-08-04 23:58:10 UTC
If I go to /tmp/kdeconnect I get to see which friends messaged me. This is wrong because this is personal data:
- some people encrypt their home folder because of such privacy concerns
- on shared systems, users would get to see each other's acquaintances
Comment 1 Albert Vaca Cintora 2017-08-05 10:40:07 UTC
Every plugin has a storage directory available to it. Maybe we can use that? Or do you think it would be better to not store images at all, and just have them in memory?
Comment 2 Thomas Posch 2017-08-05 13:58:58 UTC
To me this sounds more like a permission problem.
Remove read/write/execute permissions from group/other and this should be fixed.

Note: all other files in /tmp belonging to my user already have the permissions set this way
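
The permission approach from Comment 2, as an added example that is not KDE Connect code and not taken from the fix commit: it creates a directory with mode 0700, tightens one that already exists, and refuses a symlink or a directory owned by another user. The function names and the default path are hypothetical.

```cpp
// Added example, not KDE Connect code. Names and paths are hypothetical.
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <string>

// True if path is a real directory (not a symlink) owned by the calling user
// with no permission bits set for group or other.
bool is_private_dir(const std::string &path) {
    struct stat st;
    if (lstat(path.c_str(), &st) != 0) return false;
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid()) return false;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

// Create path with mode 0700, or tighten a directory that already exists.
// Fails if path is a symlink, not a directory, or owned by another user.
bool ensure_private_dir(const std::string &path) {
    if (mkdir(path.c_str(), S_IRWXU) != 0 && errno != EEXIST) return false;
    // O_NOFOLLOW rejects a symlink planted at this name; working on the
    // descriptor avoids a check-then-chmod race on the path.
    int fd = open(path.c_str(), O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return false;
    struct stat st;
    bool ok = fstat(fd, &st) == 0 && st.st_uid == geteuid()
              && fchmod(fd, S_IRWXU) == 0;  // a pre-existing dir may be 0755
    close(fd);
    return ok && is_private_dir(path);
}

int main(int argc, char **argv) {
    // Constructed default path for illustration only.
    std::string dir = argc > 1 ? argv[1] : "/tmp/example-notification-icons";
    bool ok = ensure_private_dir(dir);
    std::printf("%s: %s\n", dir.c_str(), ok ? "private (0700)" : "NOT safe to use");
    return ok ? 0 : 1;
}
```

Restricting the mode addresses the shared-system concern from the description; it does not address the encrypted-home concern, since the files still live outside the home folder.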
Comment 3 Aleix Pol 2018-01-16 22:00:47 UTC
commit 7e7aa6df3fe599e73272be86543fc9f43a2c17d2
Author: Nicolas Fella <nicolas.fella@gmx.de>
Date:   Fri Dec 29 18:38:09 2017 +0100

    Fix information leak via /tmp
    
    Summary: BUG: 383144
    
    Reviewers: #kde_connect, apol, albertvaka
    
    Reviewed By: #kde_connect, apol, albertvaka
    
    Subscribers: thomasp, apol, #kde_connect, albertvaka
    
    Tags: #kde_connect
    
    Differential Revision: https://phabricator.kde.org/D7146