[dolphin] [Bug 430270] New: directory-tree/file data stored for encrypted volumes

Fri Dec 11 17:41:18 GMT 2020

https://bugs.kde.org/show_bug.cgi?id=430270

            Bug ID: 430270
           Summary: directory-tree/file data stored for encrypted volumes
           Product: dolphin
           Version: unspecified
          Platform: unspecified
                OS: Linux
            Status: REPORTED
          Severity: grave
          Priority: NOR
         Component: general
          Assignee: dolphin-bugs-null at kde.org
          Reporter: miche1 at earthlink.net
                CC: kfm-devel at kde.org
  Target Milestone: ---

SUMMARY
Dolphin (KDE/OpenSuSE 15.1) seems to store directory paths (and maybe file
names) under the user's ~/.local directory.  This is a security leak.  For
instance, using KDE/Dolphin to navigate the directory tree in a VeraCrypt
volume records the directory structure and filenames.

STEPS TO REPRODUCE
1. Open VeraCrypt volume
2. Navigate directory tree and open some file in VC volume
3. Close/unmount Veracrypt volume 
4. Use kfind to search for the VC file that was opened under Dolphin
4. Kfind will show a record of the location of that file under the VC volume
(in opensuse this is under ~/.local/share/)
5. = Major security breakage + permanent record

OBSERVED RESULT
Breaks security

EXPECTED RESULT
No security leaks - quick/temp solution: suggest a "wipe history" function for
Dolphin which does "rm" function (not "move-to-trash") for these records.  This
could be a user-interface function similar to clipboard's "clear clipboard
history" function.

SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: 
~> plasmashell --version
plasmashell 5.12.8

(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 

ADDITIONAL INFORMATION

-- 
You are receiving this mail because:
You are on the CC list for the bug.