[kmail2] [Bug 358116] New: messageviewer leaks temporary files with mail parts in it
Martin Steigerwald via KDE Bugzilla
bugzilla_noreply at kde.org
Sun Jan 17 11:04:08 GMT 2016
https://bugs.kde.org/show_bug.cgi?id=358116
Bug ID: 358116
Summary: messageviewer leaks temporary files with mail parts in
it
Product: kmail2
Version: Git (master)
Platform: Other
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: general
Assignee: kdepim-bugs at kde.org
Reporter: Martin at Lichtvoll.de
(Would be nice to have a messageviewer component, I may file an admin request
about that later.)
messageviewer leaks temporary files in /tmp with parts of mails in it.
According to Sandro already in KDEPIM 4 times it needs these temporary files to
open attachments, but it should clean a file when it opens another mail. Yet,
here it appears it doesn´t.
Reproducible: Always
Steps to Reproduce:
1. Run KMail.
2. Read some mails. (Maybe also some with attachments).
Actual Results:
merkaba:~> date
So 17. Jan 11:50:10 CET 2016
merkaba:~> ls -ld /tmp/messageviewer_* | wc -l
117
merkaba:~> LANG=C du -sch /tmp/messageviewer_* | tail -1
368K total
This looks like this. I changed user and group names. At the time of this
listing "user2" was not even logged in anymore, neither KMail nor Akonadi
running for the user at the time.
# ls -ld /tmp/messageviewer_*
drwx------ 2 user2 users 60 Jan 13 11:17 /tmp/messageviewer_a16100.index.1
drwx------ 2 user1 group1 60 Jan 15 18:19 /tmp/messageviewer_A22454.index.
drwx------ 2 user1 group1 60 Jan 17 11:32 /tmp/messageviewer_a24855.index.1.1.1
drwx------ 2 user1 group1 60 Jan 12 18:17 /tmp/messageviewer_AJ6125.index.1
drwx------ 2 user2 users 60 Jan 13 09:42 /tmp/messageviewer_B16100.index.
drwx------ 2 user1 group1 60 Jan 12 18:56 /tmp/messageviewer_Bc6125.index.
drwx------ 2 user2 users 60 Jan 13 11:37 /tmp/messageviewer_C16100.index.
drwx------ 2 user1 group1 60 Jan 16 10:32 /tmp/messageviewer_c24855.index.1
drwx------ 2 user1 group1 60 Jan 12 15:11 /tmp/messageviewer_CD6125.index.1
drwx------ 2 user1 group1 60 Jan 14 19:49 /tmp/messageviewer_d21362.index.
drwx------ 2 user1 group1 60 Jan 13 21:07 /tmp/messageviewer_DM6125.index.1
drwx------ 2 user1 group1 60 Jan 13 14:05 /tmp/messageviewer_Dp6125.index.1
drwx------ 2 user2 users 60 Jan 13 17:10 /tmp/messageviewer_e16100.index.
drwx------ 2 user1 group1 60 Jan 15 22:07 /tmp/messageviewer_e22454.index.
drwx------ 2 user1 group1 60 Jan 14 20:55 /tmp/messageviewer_E22454.index.
drwx------ 2 user1 group1 60 Jan 15 19:08 /tmp/messageviewer_e22454.index.1
drwx------ 2 user1 group1 60 Jan 16 14:23 /tmp/messageviewer_E24855.index.1
drwx------ 2 user1 group1 60 Jan 12 18:55 /tmp/messageviewer_eQ6125.index.
[… rest skipped, but available on request…]
Expected Results:
No file leaks.
While messageviewer protects the files with chmod 600, it is still an
information leak when the original data is saved crypted on disk, like for
example I have it with user2. The home directory of user2 is crypted via
ecryptfs.
This happens in git master as of de33276f801787d5b54cb42728137d17bfd59762, but
also before already I think.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Kdepim-bugs
mailing list