https://bugs.kde.org/show_bug.cgi?id=487188

            Bug ID: 487188
           Summary: /tmp/closeditems directory with fixed name used -
                    problems with multiple users and potential security
                    issues
    Classification: Applications
           Product: konqueror
           Version: Git
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: konq-b...@kde.org
          Reporter: j...@keelhaul.me.uk
  Target Milestone: ---

SUMMARY

Konqueror creates and uses a temporary directory "/tmp/closeditems" which
appears to be used when closing Konqueror windows, although while Konqueror is
running and after it has exited it contains only empty files.  However, using a
directory with a fixed name in a world accessible directory causes two
potential problems:

1.  The directory persists with the ownership of the user who first created it,
with 755 permissions.  If another user uses the system without rebooting,
either as a second user session or after the first user has logged out, they
will not have permission to write into this directory and a message appears
when they close any Konqueror window:

konqueror KConfigIniBackend::writeConfig: Couldn't create a new file:
"/tmp/closeditems/_1.8" . Error: "Permission denied"

2.  Creating anything in /tmp with a predictable name opens up potential
security problems via symlink attacks.

STEPS TO REPRODUCE
1.   Starting from a clean boot, log in as one user and use Konqueror.
2.   Log out, observe that the directory /tmp/closeditems has been created.
3.   Log in as a different user, use Konqueror again.
4.   Observe the error log message as above when closing a window.

EXPECTED RESULT

Konqueror should create temporary files in either the user cache directory
(QStandardPaths::CacheLocation), or in the /tmp directory using
QTemporaryFile/QTemporaryDir for safety.

SOFTWARE/OS VERSIONS
KDE Plasma Version: 6.0.80
KDE Frameworks Version: 6.2.0
Qt Version: 6.7.0
