[kmail2] [Bug 358116] New: messageviewer leaks temporary files with mail parts in it

Martin Steigerwald via KDE Bugzilla bugzilla_noreply at kde.org
Sun Jan 17 11:04:08 GMT 2016 

https://bugs.kde.org/show_bug.cgi?id=358116

            Bug ID: 358116
           Summary: messageviewer leaks temporary files with mail parts in
                    it
           Product: kmail2
           Version: Git (master)
          Platform: Other
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: kdepim-bugs at kde.org
          Reporter: Martin at Lichtvoll.de

(Would be nice to have a messageviewer component, I may file an admin request
about that later.)

messageviewer leaks temporary files in /tmp with parts of mails in it.
According to Sandro already in KDEPIM 4 times it needs these temporary files to
open attachments, but it should clean a file when it opens another mail. Yet,
here it appears it doesn´t.

Reproducible: Always

Steps to Reproduce:
1. Run KMail.
2. Read some mails. (Maybe also some with attachments).

Actual Results:  
merkaba:~> date                                                                 
So 17. Jan 11:50:10 CET 2016

merkaba:~> ls -ld /tmp/messageviewer_* | wc -l
117

merkaba:~> LANG=C du -sch /tmp/messageviewer_* | tail -1
368K    total

This looks like this. I changed user and group names. At the time of this
listing "user2" was not even logged in anymore, neither KMail nor Akonadi
running for the user at the time.

# ls -ld /tmp/messageviewer_*
drwx------ 2 user2 users  60 Jan 13 11:17 /tmp/messageviewer_a16100.index.1
drwx------ 2 user1 group1 60 Jan 15 18:19 /tmp/messageviewer_A22454.index.
drwx------ 2 user1 group1 60 Jan 17 11:32 /tmp/messageviewer_a24855.index.1.1.1
drwx------ 2 user1 group1 60 Jan 12 18:17 /tmp/messageviewer_AJ6125.index.1
drwx------ 2 user2 users  60 Jan 13 09:42 /tmp/messageviewer_B16100.index.
drwx------ 2 user1 group1 60 Jan 12 18:56 /tmp/messageviewer_Bc6125.index.
drwx------ 2 user2 users  60 Jan 13 11:37 /tmp/messageviewer_C16100.index.
drwx------ 2 user1 group1 60 Jan 16 10:32 /tmp/messageviewer_c24855.index.1
drwx------ 2 user1 group1 60 Jan 12 15:11 /tmp/messageviewer_CD6125.index.1
drwx------ 2 user1 group1 60 Jan 14 19:49 /tmp/messageviewer_d21362.index.
drwx------ 2 user1 group1 60 Jan 13 21:07 /tmp/messageviewer_DM6125.index.1
drwx------ 2 user1 group1 60 Jan 13 14:05 /tmp/messageviewer_Dp6125.index.1
drwx------ 2 user2 users  60 Jan 13 17:10 /tmp/messageviewer_e16100.index.
drwx------ 2 user1 group1 60 Jan 15 22:07 /tmp/messageviewer_e22454.index.
drwx------ 2 user1 group1 60 Jan 14 20:55 /tmp/messageviewer_E22454.index.
drwx------ 2 user1 group1 60 Jan 15 19:08 /tmp/messageviewer_e22454.index.1
drwx------ 2 user1 group1 60 Jan 16 14:23 /tmp/messageviewer_E24855.index.1
drwx------ 2 user1 group1 60 Jan 12 18:55 /tmp/messageviewer_eQ6125.index.
[… rest skipped, but available on request…]


Expected Results:  
No file leaks.

While messageviewer protects the files with chmod 600, it is still an
information leak when the original data is saved crypted on disk, like for
example I have it with user2. The home directory of user2 is crypted via
ecryptfs.

This happens in git master as of de33276f801787d5b54cb42728137d17bfd59762, but
also before already I think.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list