351611 – Full screen screenchot stored in /tmp

Bug 351611 - Full screen screenchot stored in /tmp

Summary: Full screen screenchot stored in /tmp

Status:	RESOLVED FIXED

Alias:	None

Product:	ksnapshot
Classification:	Unmaintained
Component:	kscreengenie (show other bugs)
Version:	unspecified
Platform:	Arch Linux Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Boudhayan Gupta

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-08-22 12:32 UTC by Antonio Rojas
Modified:	2015-08-22 13:19 UTC (History)
CC List:	0 users

See Also:
Latest Commit:	http://commits.kde.org/kscreengenie/090fe46ca8d788d6a01a83ccdc5b76fd0d64304b
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Antonio Rojas 2015-08-22 12:32:41 UTC

When starting kscreengenie, a full screen screenshot is immediately stored in /tmp with read permissions for every user of the system. This is a serious privacy issue IMO.

Reproducible: Always

Steps to Reproduce:
1.Launch kscreengenie
2.Check /tmp

Actual Results:  
A world-readable screenshot of the entire screen is stored

Comment 1 Boudhayan Gupta 2015-08-22 12:54:50 UTC

I'm going to mitigate this for now by making it only user-readable, but the correct thing to do would be to drop support for KIPI so that I don't have to save a temp file anywhere. Before I drop KIPI support though I'll have to build a replacement.

Comment 2 Boudhayan Gupta 2015-08-22 13:19:31 UTC

Git commit 090fe46ca8d788d6a01a83ccdc5b76fd0d64304b by Boudhayan Gupta.
Committed on 22/08/2015 at 13:18.
Pushed by bgupta into branch 'master'.

Change permissions on temporary save to be user-read/writeable only

M  +10   -3    src/KSCore.cpp

http://commits.kde.org/kscreengenie/090fe46ca8d788d6a01a83ccdc5b76fd0d64304b