desktop-packages team mailing list archive

Thread
Date

[Bug 1401454]

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Plst <1401454@xxxxxxxxxxxxxxxxxx>
Date: Mon, 02 Feb 2015 17:36:36 -0000
Reply-to: Bug 1401454 <1401454@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Yes, I have read that comment. But it is two years old, so the question
still remains the same: Why is it not fixed yet? If the author doesn't
have the time to finish it, maybe someone else could help out? Also
someone else than the author of the patch is assigned to this bug and
therefore responsible for it. This was just a reminder that the bug is
still valid, still a big security issue for professional users and that
it hopefully won't be open for another 7 years. Still appreciating what
the devs do in their free time.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/1401454

Title:
  Thunderbird writes attachments to /tmp readable to everyone

Status in Mozilla Thunderbird Mail and News:
  In Progress
Status in thunderbird package in Ubuntu:
  Confirmed

Bug description:
  When I open an attachment of an email in Thunderbird it gets written
  to disk with permission 644, so it is readable by everyone on the
  system.

  How to repeat: Open an E-Mail, Open an Attachment (e.g. google.png)

  $ cd /tmp; ls -lh
  -rw-r--r-- 1 theuser thegroup 2,4K Dez 11 10:39 google.png

  Instead, Thunderbird should write the file with permissions 600. Plus,
  to avoid conflicts between users, the file should be written into a
  directory per user, e.g. /tmp/theuser/google.png or another user
  specific temp directory.

To manage notifications about this bug go to:
https://bugs.launchpad.net/thunderbird/+bug/1401454/+subscriptions