Summary: | Thumbnails of files in vaults are unencrypted | ||
---|---|---|---|
Product: | [Plasma] Plasma Vault | Reporter: | eemantsal <infmtk> |
Component: | general | Assignee: | Ivan Čukić <ivan.cukic> |
Status: | RESOLVED FIXED | ||
Severity: | grave | CC: | nate, phobosk |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Other | ||
OS: | Linux | ||
Latest Commit: | https://commits.kde.org/kio/bc42a1b2f9138558eb0d3d33f70e0e416a5225ca | Version Fixed In: | 5.57 |
Description
eemantsal
2019-02-23 22:38:15 UTC
This will be remedied as soon as the patch to KIO gets through. Git commit bc42a1b2f9138558eb0d3d33f70e0e416a5225ca by Ivan Cukic. Committed on 24/03/2019 at 14:15. Pushed by ivan into branch 'master'. Don't create thumbnails for encrypted Vaults Summary: This patch makes PreviewJob skip thumbnail generation on fuse.encfs and fuse.cryfs mounts. Reviewers: davidedmundson, dfaure Reviewed By: davidedmundson Subscribers: broulik, kde-frameworks-devel Tags: #frameworks Differential Revision: https://phabricator.kde.org/D19979 M +21 -0 src/widgets/previewjob.cpp https://commits.kde.org/kio/bc42a1b2f9138558eb0d3d33f70e0e416a5225ca Hi @Ivan Čukić, This patch seems a rather drastic approach to the problem.... Yes it is the easiest way to address the problem, but not a user friendly one and cripples KDE functionality...It makes totally impossible to use preview on any file on encrypted volumes. It does even cripples gwenview browse mode... and many users would like to have previews even on encrypted volumes... So is it possible for you or someone to think of a more user friendly way to cope with the issue? For example isn't there a way to make KIO (thumbnails) generate previews/thumbnails and show them in dolphin/gwenview/etc but not store them on disk (maybe something using bSave or bNeedCache). Even if next time the user revisits the same folder to regenerate all from scratch? Besides from a security point of view, once an encrypted volume is mounted, it is totally exposed to services and applications running under the user session - like baloo, tracker, kactivitymanagerd etc, - so in a way a total security fix is actually hard to achieve... Thanks Hi Phobos, The next patch will be dedicated to KIO thumbnailer not caching the thumbnails. I agree this is a drastic measure. The aim is to have thumbnails disabled in dolphin and enabled in gwenview, but without caching. Thanks very much :) But why disabled in dolphin? A use case like mine for example - where I have a lot of PDF and ODT files in the encrypted folder - and I can differentiate between them thanks to the thumbnails and the previews... So could the aim be just a thumbnail/preview working in any KDE app but none of those to be cached anywhere? :) I'll have to think about that. I understand the usability pov. The reason why I'm leaning against it is that even if the thumbnails are not cached, all the files are decrypted (accessible to applications that can inspect RAM) and can potentially even end up saved on the swap drive. When you open gwenview, you show intent that you want to see those files. I'd like the thumbnails to be visible in Dolphin, too. For encrypted vaults, could we give KIO some extra smarts to store the thumbnails inside the vault itself rather than in the XDG thumbnails dir? People with extra super secure needs can always disable thumbnails (and probably already have). |