https://bugs.kde.org/show_bug.cgi?id=420127

            Bug ID: 420127
           Summary: Vault thumbnails generated and stored insecurely!!!
           Product: Plasma Vault
           Version: unspecified
          Platform: Neon Packages
                OS: Linux
            Status: REPORTED
          Severity: major
          Priority: NOR
         Component: general
          Assignee: ivan.cu...@kde.org
          Reporter: keithhacks-kde...@yahoo.com
  Target Milestone: ---

SUMMARY
Thumbnails are generated inside Plasma Vaults and stored in the insecure
~/.cache/thumbnails and ~/.thumbnails directories, but are not shown to the
user.

STEPS TO REPRODUCE
1. Create a Vault and add some photos to it.
2. Refresh Dolphin, maybe navigate out of and back into the Vault.
3. Open Gwenview, toggle between Browse and View, and open and close the
Thumbnail Bar.
4. Close the Vault.
5. I'm not sure which actions caused it, but in ~/.cache/thumbnails and/or
~/.thumbnails, there should be files with an EXIF ThumbURI corresponding to the
files inside the Vault. You can use this script to locate them:

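#!/bin/bash
# List cached thumbnails whose Thumb URI points at a file inside the Vault mount.
VAULT_MOUNT="$HOME/Vaults"
find "$HOME/.cache/thumbnails" "$HOME/.thumbnails" -type f | while IFS= read -r FILE; do
    # exiftool prints "Thumb URI   : file:///..."; keep only the value after " : ".
    TAG=$(exiftool -ThumbURI "$FILE")
    URI="${TAG#* : }"
    if [[ $URI == *"$VAULT_MOUNT"* ]]; then echo "$FILE: $URI"; fi
done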

OBSERVED RESULT
Thumbnails of files within the Vault are stored UNENCRYPTED, OUTSIDE THE
VAULT!!! Dolphin does not display these thumbnails, which may mislead users
into thinking thumbnails aren't being generated.

EXPECTED RESULT
Applications should either store thumbnails inside the Vault, or not generate
them at all. Ideally, users should be able to select which of these behaviors
they prefer.

SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: KDE Neon 5.18 User Edition, kernel 4.18.0-25-generic
(available in About System)
KDE Plasma Version: 5.18.4
KDE Frameworks Version: 5.69.0
Qt Version: 5.14.1

ADDITIONAL INFORMATION

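An added example, not part of the original report: the same audit without exiftool, reading the `Thumb::URI` PNG tEXt chunk that the freedesktop thumbnail convention stores in each cached thumbnail. The function names are hypothetical; unlike a raw substring match, it percent-decodes the URI and compares path components, so a mount point containing spaces is still matched and a sibling such as `Vaults2` is not.

```python
import struct
import zlib
from pathlib import Path
from urllib.parse import unquote, urlparse

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def thumb_uri(png):
    """Return the Thumb::URI tEXt value of a PNG, or None if absent or malformed."""
    if not png.startswith(PNG_MAGIC):
        return None
    pos = len(PNG_MAGIC)
    while pos + 8 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        data = png[pos + 8:pos + 8 + length]
        if len(data) < length or ctype == b"IEND":
            return None  # truncated file, or last chunk reached without a match
        key, _, value = data.partition(b"\x00")
        if ctype == b"tEXt" and key == b"Thumb::URI":
            return value.decode("latin-1")
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
    return None

def leaked_thumbnails(cache_dirs, vault_mount):
    """List (thumbnail path, source URI) for thumbnails of files under vault_mount."""
    root, hits = Path(vault_mount), []
    for cache in (Path(c) for c in cache_dirs if Path(c).is_dir()):
        for thumb in sorted(cache.rglob("*.png")):
            uri = thumb_uri(thumb.read_bytes())
            parsed = urlparse(uri or "")
            if parsed.scheme != "file":
                continue
            # Decode %20 etc. and compare path components, not raw substrings.
            source = Path(unquote(parsed.path))
            if root == source or root in source.parents:
                hits.append((str(thumb), uri))
    return hits

def sample_thumbnail(uri):
    """Constructed sample: a 1x1 grayscale PNG with a Thumb::URI tEXt chunk."""
    text = b"Thumb::URI\x00" + uri.encode("latin-1")
    chunks = [(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)), (b"tEXt", text),
              (b"IDAT", zlib.compress(b"\x00\x00")), (b"IEND", b"")]
    return PNG_MAGIC + b"".join(
        struct.pack(">I", len(d)) + t + d + struct.pack(">I", zlib.crc32(t + d)) for t, d in chunks)

if __name__ == "__main__":
    h = Path.home()
    for hit in leaked_thumbnails([h / ".cache/thumbnails", h / ".thumbnails"], h / "Vaults"):
        print(*hit, sep=": ")
```

Run as a script it checks the two cache directories named in the report against `~/Vaults`; any line printed is a thumbnail that remains readable after the Vault is closed.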