! Please note that this is a snapshot of our old Bugzilla server, which is read only since May 29, 2020. Please go to gitlab.xfce.org for our new server !
Security issue of /tmp directory
Status:
RESOLVED: MOVED
Priority:
Medium
Severity:
normal
Product:
Xfce4-screenshooter
Component:
General

Comments

Description Yan Pas 2015-09-08 01:18:30 CEST 
Let's imagine I have two users Alice (amdin rights) and Bob (no amdin rights). If Alice takes a screenshot via xfce4-screenshoter and opens it in GIMP - it is saved to /tmp directory. Then Alice logs out, and Bob logs in. Bob is availible to read /tmp and he can see Alices screenshot... awful! It's better to store temp screenshots in ~/.cache. E. G. Alice may use ecryptfs and her ~/.cache dir will be encrypted. Or Alice may forbid to read her home folder (default behavior on Centos.
So temporary screenshots must be stored somewhere in home dir.
Comment 1 Git Bot editbugs 2020-05-24 23:56:52 CEST 
-- GitLab Migration Automatic Message --

This bug has been migrated to xfce.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.xfce.org/apps/xfce4-screenshooter/-/issues/8.

Please create an account or use an existing account on one of our supported OAuth providers. 

If you want to fork to submit patches and merge requests please continue reading here: https://docs.xfce.org/contribute/dev/git/start#gitlab_forks_and_merge_requests

Also feel free to reach out to us on the mailing list https://mail.xfce.org/mailman/listinfo/xfce4-dev

Bug #12196

Reported by:
Yan Pas
Reported on: 2015-09-08
Last modified on: 2020-05-24

People

Assignee:
Jérôme Guelfucci
CC List:
0 users

Version

Version:
unspecified
Target Milestone:
---

Attachments

Additional information