Thunderbird writes attachments to /tmp readable to everyone
Bug #1401454 reported by Thomas Mayer
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Mozilla Thunderbird | Fix Released | Medium | | |
| thunderbird (Ubuntu) | Confirmed | Undecided | Unassigned | |
Bug Description
When I open an attachment of an email in Thunderbird it gets written to disk with permission 644, so it is readable by everyone on the system.
How to repeat: Open an E-Mail, Open an Attachment (e.g. google.png)
$ cd /tmp; ls -lh
-rw-r--r-- 1 theuser thegroup 2,4K Dez 11 10:39 google.png
Instead, Thunderbird should write the file with permissions 600. Plus, to avoid conflicts between users, the file should be written into a directory per user, e.g. /tmp/theuser/
information type: Private Security → Public Security
Changed in thunderbird (Ubuntu):
status: New → Confirmed
Changed in thunderbird:
importance: Unknown → Medium
status: Unknown → In Progress
Changed in thunderbird:
status: In Progress → Confirmed
Changed in thunderbird:
status: Confirmed → Fix Released
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.10) Gecko/20070313 Fedora/1.5.0.10-5.fc6 Firefox/1.5.0.10 pango-text
Build Identifier: 1.5.0.10
On at least Fedora Core every attachment which was opened is saved in /tmp. On a multi user system this can lead to a filename disclosure and therefore to a privacy problem, think about e.g.
/tmp/loveletter-from-girlfriend-xy.doc
Reproducible: Always
Steps to Reproduce:
1. Open attachment "secret-agenda-from-company.ppt" from an e-mail
2. Log in as a different user and list the /tmp directory
$ ls -al /tmp/*.ppt
-rw------- 1 peter peter 248832 16. Apr 14:08 /tmp/secret-agenda-from-company.ppt
Actual Results:
File name is unexpectedly disclosed to all other non-root users
Expected Results:
File would be stored into a subdirectory in tmp, e.g.
/tmp/peter-thunderbird/secret-agenda-from-company.ppt
and
/tmp/peter-thunderbird is created with permissions 700
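The permissions requested in the bug description and in the upstream comment (attachment file 600 inside a per-user directory 700), shown next to the reported 644 behaviour. This is an added example, not Thunderbird's code or part of either report; the function names, the sandbox directory standing in for /tmp and the file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. A constructed sandbox directory stands in for /tmp.

# Mode string of a path as ls -l shows it, e.g. "-rw-------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Reported behaviour: file created directly in the shared directory
# under the common default umask 022, which yields rw-r--r-- (644).
write_shared() {    # $1 = shared dir, $2 = attachment name
    ( umask 022; printf 'constructed sample data\n' > "$1/$2" ) || return 1
    printf '%s\n' "$1/$2"
}

# Requested behaviour: a per-user directory only the owner can enter or
# list (700), with the attachment inside it created 600.
write_private() {   # $1 = shared dir, $2 = attachment name
    owner=${USER:-$(id -u)}
    dir=$(umask 077; mktemp -d "$1/$owner-thunderbird.XXXXXX") || return 1
    ( umask 077; printf 'constructed sample data\n' > "$dir/$2" ) || return 1
    printf '%s\n' "$dir/$2"
}

# Audit: number of regular files under $1 that "other" users can read.
count_world_readable() {
    find "$1" -type f -perm -004 | wc -l | tr -d ' '
}

# Demo: write the same attachment both ways and compare.
sandbox=$(mktemp -d)
s=$(write_shared "$sandbox" google.png)
p=$(write_private "$sandbox" google.png)
echo "$(mode_of "$s") $s"
echo "$(mode_of "$(dirname "$p")") $(dirname "$p")"
echo "$(mode_of "$p") $p"
echo "world-readable files: $(count_world_readable "$sandbox")"
rm -rf "$sandbox"
```

Because the per-user directory is 700, other users can neither read the attachment nor list its name, which covers the filename disclosure described in the upstream comment as well as the content exposure in the description.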