[kde] [Bug 464806] Kate (editor) leaks directory/file info in (~/.config/katemetainfos) from veracrypt (tested in LEAP 15.4)

[PattiMichelle]

https://bugs.kde.org/show_bug.cgi?id=464806

--- Comment #2 from PattiMichelle <miche1 at earthlink.net> ---
OS-based encryption (e.g., luks and ...?), at least, should be modified (in the
kernel?) to automatically prevent storing path/file/content information in
plaintext, either in user or system directories, for such Volumes - and should
autopurge memory at dismount.  (but major problems still reside in parts of
linux - like OpenSSH in 2016...)  A solution then would be that apps like
veracrypt could be added to "a list" to use such a kernel-based
encrypted-volume-security-fix after it is implemented?  (but I'm no Wizard,
Guru, or Lord High Fixer - I don't understand Deep Magic or Heavy Wizardry ;^)

Different folks view encryption security differently (Boneh/Krebs/Schneier) and
some aren't concerned - I'm just careful, not paranoid, not really; but it
seems very responsible to trust academics about encryption (Boneh) when
supporting a global-class OS.

I would have to test your proposed solution, but it seems drastic, and I'm not
sure of side consequences in the UI.

Previously (with dolphin) I had suggested an option to "flush history" (and now
in kate) as stopgap security measures - but I realize that would involve
separate development teams, and it's not clear what other apps in the repos
store such info in plaintext.  (Baloo comes to mind...)  In particular, only
path/file-content data actually seem to be important at this point.

-- 
You are receiving this mail because:
You are the assignee for the bug.