https://bugs.kde.org/show_bug.cgi?id=487188
Bug ID: 487188
Summary: /tmp/closeditems directory with fixed name used - problems with multiple users and potential security issues
Classification: Applications
Product: konqueror
Version: Git
Platform: Other
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: konq-b...@kde.org
Reporter: j...@keelhaul.me.uk
Target Milestone: ---

SUMMARY

Konqueror creates and uses a temporary directory "/tmp/closeditems" which appears to be used when closing Konqueror windows, although while Konqueror is running and after it has exited it contains only empty files. However, using a directory with a fixed name in a world accessible directory causes two potential problems:

1. The directory persists with the ownership of the user who first created it, with 755 permissions. If another user uses the system without rebooting, either as a second user session or after the first user has logged out, they will not have permission to write into this directory and a message appears when they close any Konqueror window:

   konqueror KConfigIniBackend::writeConfig: Couldn't create a new file: "/tmp/closeditems/_1.8" . Error: "Permission denied"

2. Creating anything in /tmp with a predictable name opens up potential security problems via symlink attacks.

STEPS TO REPRODUCE

1. Starting from a clean boot, log in as one user and use Konqueror.
2. Log out, observe that the directory /tmp/closeditems has been created.
3. Log in as a different user, use Konqueror again.
4. Observe the error log message as above when closing a window.

EXPECTED RESULT

Konqueror should create temporary files in either the user cache directory (QStandardPaths::CacheLocation), or in the /tmp directory using QTemporaryFile/QTemporaryDir for safety.

SOFTWARE/OS VERSIONS

KDE Plasma Version: 6.0.80
KDE Frameworks Version: 6.2.0
Qt Version: 6.7.0
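
An added illustration, not part of the bug report and not Konqueror code: a check that flags a fixed-name scratch directory showing either problem described above, next to creation of an unpredictable, owner-only directory. POSIX `lstat()` and `mkdtemp()` are used here in place of the Qt classes the report recommends; `DirCheck`, `checkPrivateDir` and `makePrivateDir` are hypothetical names.

```cpp
// Added example (assumption: POSIX system; names below are hypothetical).
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum class DirCheck { Ok, Missing, NotADirectory, WrongOwner, TooPermissive };

// Decide whether `path` is safe for `uid` to use as a private scratch directory.
// lstat() does not follow symlinks, so a planted link is reported, not followed.
DirCheck checkPrivateDir(const std::string &path, uid_t uid) {
    struct stat st;
    if (lstat(path.c_str(), &st) != 0) return DirCheck::Missing;
    if (!S_ISDIR(st.st_mode)) return DirCheck::NotADirectory;   // symlink, file, ...
    if (st.st_uid != uid) return DirCheck::WrongOwner;          // left by another user
    if (st.st_mode & (S_IRWXG | S_IRWXO)) return DirCheck::TooPermissive; // e.g. 0755
    return DirCheck::Ok;
}

// Create a directory with an unpredictable name under `base`.
// mkdtemp() creates it atomically with mode 0700 and fails if the name exists,
// so a pre-created directory or symlink is never reused.
std::string makePrivateDir(const std::string &base, const std::string &prefix) {
    std::string tmpl = base + "/" + prefix + "-XXXXXX";
    std::vector<char> buf(tmpl.begin(), tmpl.end());
    buf.push_back('\0');
    return mkdtemp(buf.data()) ? std::string(buf.data()) : std::string();
}

int main() {
    // The fixed path from the report: audit it rather than trusting it.
    DirCheck fixed = checkPrivateDir("/tmp/closeditems", getuid());
    std::printf("/tmp/closeditems check result: %d\n", static_cast<int>(fixed));

    // Preferred: a fresh per-process directory ("konq" prefix is constructed).
    std::string dir = makePrivateDir("/tmp", "konq");
    if (dir.empty()) { std::perror("mkdtemp"); return 1; }
    std::printf("created %s, check result: %d\n", dir.c_str(),
                static_cast<int>(checkPrivateDir(dir, getuid())));
    rmdir(dir.c_str());
    return 0;
}
```
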