Bug 383144 - Notification pictures get stored on /tmp
Summary: Notification pictures get stored on /tmp
Status: RESOLVED FIXED
Alias: None
Product: kdeconnect
Classification: Applications
Component: common (show other bugs)
Version: unspecified
Platform: Other Linux
: NOR normal
Target Milestone: ---
Assignee: Albert Vaca Cintora
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-04 23:58 UTC by Aleix Pol
Modified: 2018-01-16 22:00 UTC (History)
3 users (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Aleix Pol 2017-08-04 23:58:10 UTC
If I go to /tmp/kdeconnect I get to see which friends messaged me. This is wrong because this is personal data:
- some people encrypt their home folder because of such privacy concerns
- on shared systems one would get to see their each other's acquaintances
Comment 1 Albert Vaca Cintora 2017-08-05 10:40:07 UTC
Every plugin has a storage directory available to it. Maybe we can use that? Or do you thin it would be better to not store images at all, and just have them in memory?
Comment 2 Thomas Posch 2017-08-05 13:58:58 UTC
To me this sounds more like a permission problem.
Remove read/write/execute permissions from group/other and this should be fixed.

Note: all other files in /tmp belonging to my user already have the permissions set this way
Comment 3 Aleix Pol 2018-01-16 22:00:47 UTC
commit 7e7aa6df3fe599e73272be86543fc9f43a2c17d2
Author: Nicolas Fella <nicolas.fella@gmx.de>
Date:   Fri Dec 29 18:38:09 2017 +0100

    Fix information leak via /tmp
    
    Summary: BUG: 383144
    
    Reviewers: #kde_connect, apol, albertvaka
    
    Reviewed By: #kde_connect, apol, albertvaka
    
    Subscribers: thomasp, apol, #kde_connect, albertvaka
    
    Tags: #kde_connect
    
    Differential Revision: https://phabricator.kde.org/D7146