deja-dup saves passphrase in /tmp
Bug #1814238 reported by
Götz Waschk
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Déjà Dup |
Fix Released
|
Medium
|
Unassigned | ||
deja-dup (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Bug Description
I have unchecked the "save passphrase" option in deja-dup, but still I have found the file /tmp/deja-
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: deja-dup 37.1-2fakesync1
ProcVersionSign
Uname: Linux 4.15.0-43-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Fri Feb 1 10:59:06 2019
SourcePackage: deja-dup
UpgradeStatus: No upgrade log present (probably fresh install)
Changed in deja-dup (Ubuntu): | |
importance: | Undecided → High |
Changed in deja-dup (Ubuntu): | |
status: | New → Triaged |
Changed in deja-dup: | |
status: | Triaged → Fix Committed |
Changed in deja-dup (Ubuntu): | |
status: | Triaged → Fix Committed |
Changed in deja-dup: | |
status: | Fix Committed → Fix Released |
Changed in deja-dup (Ubuntu): | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Thanks for the report! We should definitely fix this!
But I'm having trouble reproducing it. I tried backing up and restoring, didn't see any /tmp files. I also wasn't sure whether you mean the encryption passphrase or the password for a network server. So I did both. Still didn't see any /tmp files.
(This was all with 37.1-2fakesync1 ubuntu0. 1 on Ubuntu 18.04.)
Can you explain what the steps are for you to get to the point where we are storing the passphrase in /tmp in plaintext? Also, is the file you see world-readable? (Just trying to get a sense of the severity)