[Bug 287654] New: /var/tmp/kdecache security concern
Mikiya Okuno
mikiya.okuno at gmail.com
Sun Nov 27 02:35:36 GMT 2011
https://bugs.kde.org/show_bug.cgi?id=287654
Summary: /var/tmp/kdecache security concern
Product: kde
Version: unspecified
Platform: Ubuntu Packages
OS/Version: Linux
Status: UNCONFIRMED
Severity: wishlist
Priority: NOR
Component: general
AssignedTo: unassigned-bugs at kde.org
ReportedBy: mikiya.okuno at gmail.com
Version: unspecified (using KDE 4.7.2)
OS: Linux
Currently, some cache files are created under /var/tmp/kdecache-USER directory.
Recently, many users encrypt their home directory for security. However,
creating user files other than their own home directory may exploit user's
private data. Without encryption, data can be read when the PC is stolen.
IMHO, /var/tmp/kdecache-USER/http looks risky, because user's browsing history
would be leaked. In order to secure the system in the future, I suggest to move
whole kdecache directory under the user's home directory. e.g. $HOME/.kde/cache
Currently, I have to mount an encrypted file system to /var/tmp to secure my
KDE desktop.
Reproducible: Didn't try
Steps to Reproduce:
nada
Actual Results:
nada
Expected Results:
nada
I also recommend to encrypt /tmp directory of course.
--
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the Unassigned-bugs
mailing list