[dolphin] [Bug 430270] New: directory-tree/file data stored for encrypted volumes
PattiMichelle
bugzilla_noreply at kde.org
Fri Dec 11 17:41:18 GMT 2020
https://bugs.kde.org/show_bug.cgi?id=430270
Bug ID: 430270
Summary: directory-tree/file data stored for encrypted volumes
Product: dolphin
Version: unspecified
Platform: unspecified
OS: Linux
Status: REPORTED
Severity: grave
Priority: NOR
Component: general
Assignee: dolphin-bugs-null at kde.org
Reporter: miche1 at earthlink.net
CC: kfm-devel at kde.org
Target Milestone: ---
SUMMARY
Dolphin (KDE/OpenSuSE 15.1) seems to store directory paths (and maybe file
names) under the user's ~/.local directory. This is a security leak. For
instance, using KDE/Dolphin to navigate the directory tree in a VeraCrypt
volume records the directory structure and filenames.
STEPS TO REPRODUCE
1. Open VeraCrypt volume
2. Navigate directory tree and open some file in VC volume
3. Close/unmount Veracrypt volume
4. Use kfind to search for the VC file that was opened under Dolphin
4. Kfind will show a record of the location of that file under the VC volume
(in opensuse this is under ~/.local/share/)
5. = Major security breakage + permanent record
OBSERVED RESULT
Breaks security
EXPECTED RESULT
No security leaks - quick/temp solution: suggest a "wipe history" function for
Dolphin which does "rm" function (not "move-to-trash") for these records. This
could be a user-interface function similar to clipboard's "clear clipboard
history" function.
SOFTWARE/OS VERSIONS
Windows:
macOS:
Linux/KDE Plasma:
~> plasmashell --version
plasmashell 5.12.8
(available in About System)
KDE Plasma Version:
KDE Frameworks Version:
Qt Version:
ADDITIONAL INFORMATION
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the kfm-devel
mailing list