desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #98449
[Bug 1401454]
Yes, I have read that comment. But it is two years old, so the question
still remains the same: Why is it not fixed yet? If the author doesn't
have the time to finish it, maybe someone else could help out? Also
someone else than the author of the patch is assigned to this bug and
therefore responsible for it. This was just a reminder that the bug is
still valid, still a big security issue for professional users and that
it hopefully won't be open for another 7 years. Still appreciating what
the devs do in their free time.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/1401454
Title:
Thunderbird writes attachments to /tmp readable to everyone
Status in Mozilla Thunderbird Mail and News:
In Progress
Status in thunderbird package in Ubuntu:
Confirmed
Bug description:
When I open an attachment of an email in Thunderbird it gets written
to disk with permission 644, so it is readable by everyone on the
system.
How to repeat: Open an E-Mail, Open an Attachment (e.g. google.png)
$ cd /tmp; ls -lh
-rw-r--r-- 1 theuser thegroup 2,4K Dez 11 10:39 google.png
Instead, Thunderbird should write the file with permissions 600. Plus,
to avoid conflicts between users, the file should be written into a
directory per user, e.g. /tmp/theuser/google.png or another user
specific temp directory.
To manage notifications about this bug go to:
https://bugs.launchpad.net/thunderbird/+bug/1401454/+subscriptions