[kde] [Bug 464806] Kate (editor) leaks directory/file info in (~/.config/katemetainfos) from veracrypt (tested in LEAP 15.4)
    PattiMichelle 
    bugzilla_noreply at kde.org
       
    Thu Jan 26 16:19:25 GMT 2023
    
    
  
https://bugs.kde.org/show_bug.cgi?id=464806
--- Comment #2 from PattiMichelle <miche1 at earthlink.net> ---
OS-based encryption (e.g., luks and ...?), at least, should be modified (in the
kernel?) to automatically prevent storing path/file/content information in
plaintext, either in user or system directories, for such Volumes - and should
autopurge memory at dismount.  (but major problems still reside in parts of
linux - like OpenSSH in 2016...)  A solution then would be that apps like
veracrypt could be added to "a list" to use such a kernel-based
encrypted-volume-security-fix after it is implemented?  (but I'm no Wizard,
Guru, or Lord High Fixer - I don't understand Deep Magic or Heavy Wizardry ;^)
Different folks view encryption security differently (Boneh/Krebs/Schneier) and
some aren't concerned - I'm just careful, not paranoid, not really; but it
seems very responsible to trust academics about encryption (Boneh) when
supporting a global-class OS.
I would have to test your proposed solution, but it seems drastic, and I'm not
sure of side consequences in the UI.
Previously (with dolphin) I had suggested an option to "flush history" (and now
in kate) as stopgap security measures - but I realize that would involve
separate development teams, and it's not clear what other apps in the repos
store such info in plaintext.  (Baloo comes to mind...)  In particular, only
path/file-content data actually seem to be important at this point.
-- 
You are receiving this mail because:
You are the assignee for the bug.
    
    
More information about the Unassigned-bugs
mailing list