← Back to team overview

desktop-packages team mailing list archive

[Bug 1525038] Re: Encrypted files left plain-text on the cache folder


** Information type changed from Private Security to Public Security

** Changed in: file-roller (Ubuntu)
       Status: New => Confirmed

** Changed in: file-roller (Ubuntu)
   Importance: Undecided => Low

You received this bug notification because you are a member of Desktop
Packages, which is subscribed to file-roller in Ubuntu.

  Encrypted files left plain-text on the cache folder

Status in file-roller package in Ubuntu:

Bug description:
  Used version: 
  OS: Ubuntu 14.04 

  Steps: Open an archive (7z format), double-click an encrypted file,
  type the password, the file is opened in LibreOffice Writer, the
  decrypted temporary file is located in the .cache folder, close
  LibreOffice Writer (with or without saving), close file-roller after
  confirming to update the file inside the archive. I figure out that
  the plain-text file is still present in the cache folder. LibreOffice
  Writer can even reopen it as "recent file" !

  I believe it's a major security risk. Why file-roller doesn't remove
  the temporary plain-text file when closing?

To manage notifications about this bug go to: