https://bugs.kde.org/show_bug.cgi?id=487188
Bug ID: 487188
Summary: /tmp/closeditems directory with fixed name used -
problems with multiple users and potential security
issues
Classification: Applications
Product: konqueror
Version: Git
Platform: Other
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: konq-b...@kde.org
Reporter: j...@keelhaul.me.uk
Target Milestone: ---
SUMMARY
Konqueror creates and uses a temporary directory "/tmp/closeditems" which
appears to be used when closing Konqueror windows, although while Konqueror is
running and after it has exited it contains only empty files. However, using a
directory with a fixed name in a world accessible directory causes two
potential problems:
1. The directory persists with the ownership of the user who first created it,
with 755 permissions. If another user uses the system without rebooting,
either as a second user session or after the first user has logged out, they
will not have permission to write into this directory and a message appears
when they close any Konqueror window:
konqueror KConfigIniBackend::writeConfig: Couldn't create a new file:
"/tmp/closeditems/_1.8" . Error: "Permission denied"
2. Creating anything in /tmp with a predictable name opens up potential
security problems via symlink attacks.
STEPS TO REPRODUCE
1. Starting from a clean boot, log in as one user and use Konqueror.
2. Log out, observe that the directory /tmp/closeditems has been created.
3. Log in as a different user, use Konqueror again
4. Observe the error log message as above when closing a window.
EXPECTED RESULT
Konqueror should create temporary files in either the user cache directory
(QStandardPaths::CacheLocation), or in the /tmp directory using
QTemporaryFile/QTemporaryDir for safety.
SOFTWARE/OS VERSIONS
KDE Plasma Version: 6.0.80
KDE Frameworks Version: 6.2.0
Qt Version: 6.7.0
--
You are receiving this mail because:
You are watching all bug changes.
