Apologies for the discussion, will keep them in future to the forums. The issue about photo persisting is a question of magnitude, as they are open already for a short time, so this is not a new break in security/privacy, but making it a little less. Those needing the patch (e.g. Thunderbird) would otherwise have to set a long time-out, leading to the same sort of exposure.
However, the System.IO.Directory.CreateDirectory() used to create the /tmp directories can, I believe, take a security descriptor as well. I don't know how this works in the Windows/LINUX cross over, but if we could chmod 700 the resulting directories they would be safe from reading by others, and as /tmp is normally created with the 'sticky bit' set, others cannot modify or delete your won directories. How much it matters is debatable, for most it is probably a single-user machine, or family, and the default umask allows others to read your files/photos unless you specifically set permissions to block them. But setting the temp directories permissions correctly would be a good point in principle anyway. -- F-Spot deletes temporary image files too early when sending mails https://bugs.launchpad.net/bugs/112684 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
