Public bug reported:
Binary package hint: file-roller
Concerns: Ubuntu Gutsy Gibbon, file-roller 2.20.1-0ubuntu1
I found a "--" tarball with root owned files in my user home directory.
The origin of this file was initially unclear but I managed to reproduce
this file as follows:
- as a normal user open nautilus and go to /root
- select some files (not directories) for which the user has reading rights
(rw-r--r--)
- right click to create an archive in the same directory
Trying to create an archive in the directory where the user doesn't have
writing rights will fail without an error message.
Here's the problem: Without any notification, a tarball named "--"
(without extension), which includes the root-owned files, is now placed
in the home directory of the user who attempted to create the archive in
the root directory. Any new attempt will append files to this archive.
File-roller shouldn't create an archive in any other location than the
one specified by the user.
** Affects: file-roller (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
--
[Gutsy] attempt to create archive in dir without writing permissions creates
archive in user home without notification
https://bugs.launchpad.net/bugs/186583
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is a bug contact for file-roller in ubuntu.
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
