desktop-packages team mailing list archive

Thread
Date

[Bug 1525038] Re: Encrypted files left plain-text on the cache folder

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Thu, 14 Jan 2016 12:55:21 -0000
Reply-to: Bug 1525038 <1525038@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Information type changed from Private Security to Public Security

** Changed in: file-roller (Ubuntu)
       Status: New => Confirmed

** Changed in: file-roller (Ubuntu)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to file-roller in Ubuntu.
https://bugs.launchpad.net/bugs/1525038

Title:
  Encrypted files left plain-text on the cache folder

Status in file-roller package in Ubuntu:
  Confirmed

Bug description:
  Used version: 3.10.2.1 
  OS: Ubuntu 14.04 

  Steps: Open an archive (7z format), double-click an encrypted file,
  type the password, the file is opened in LibreOffice Writer, the
  decrypted temporary file is located in the .cache folder, close
  LibreOffice Writer (with or without saving), close file-roller after
  confirming to update the file inside the archive. I figure out that
  the plain-text file is still present in the cache folder. LibreOffice
  Writer can even reopen it as "recent file" !

  I believe it's a major security risk. Why file-roller doesn't remove
  the temporary plain-text file when closing?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/file-roller/+bug/1525038/+subscriptions