desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #99446
[Bug 1401454]
I don't think you should pay so much attention to the "assignee" field
or the status. Both are often bogus.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/1401454
Title:
Thunderbird writes attachments to /tmp readable to everyone
Status in Mozilla Thunderbird Mail and News:
Confirmed
Status in thunderbird package in Ubuntu:
Confirmed
Bug description:
When I open an attachment of an email in Thunderbird it gets written
to disk with permission 644, so it is readable by everyone on the
system.
How to repeat: Open an E-Mail, Open an Attachment (e.g. google.png)
$ cd /tmp; ls -lh
-rw-r--r-- 1 theuser thegroup 2,4K Dez 11 10:39 google.png
Instead, Thunderbird should write the file with permissions 600. Plus,
to avoid conflicts between users, the file should be written into a
directory per user, e.g. /tmp/theuser/google.png or another user
specific temp directory.
To manage notifications about this bug go to:
https://bugs.launchpad.net/thunderbird/+bug/1401454/+subscriptions