[Bug 287654] New: /var/tmp/kdecache security concern

[Mikiya Okuno]

https://bugs.kde.org/show_bug.cgi?id=287654

           Summary: /var/tmp/kdecache security concern
           Product: kde
           Version: unspecified
          Platform: Ubuntu Packages
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: wishlist
          Priority: NOR
         Component: general
        AssignedTo: unassigned-bugs at kde.org
        ReportedBy: mikiya.okuno at gmail.com


Version:           unspecified (using KDE 4.7.2) 
OS:                Linux

Currently, some cache files are created under /var/tmp/kdecache-USER directory.
Recently, many users encrypt their home directory for security. However,
creating user files other than their own home directory may exploit user's
private data. Without encryption, data can be read when the PC is stolen.

IMHO, /var/tmp/kdecache-USER/http looks risky, because user's browsing history
would be leaked. In order to secure the system in the future, I suggest to move
whole kdecache directory under the user's home directory. e.g. $HOME/.kde/cache

Currently, I have to mount an encrypted file system to /var/tmp to secure my
KDE desktop.

Reproducible: Didn't try

Steps to Reproduce:
nada

Actual Results:  
nada

Expected Results:  
nada

I also recommend to encrypt /tmp directory of course.

-- 
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.