Closed
Bug 258578
Opened 20 years ago
Closed 20 years ago
Enigmail: GPG encrypted attachments saved in /tmp, world readable!
Categories
(Thunderbird :: General, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: mugurel.tudor, Assigned: mscott)
Details
(Whiteboard: [sg:needinfo] Enigmail -- keep flagged for now)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040825 Epiphany/1.2.8
Build Identifier: Thunderbird 0.7.3 (20040809)
In an encrypted mail, if I double click the attachment, to open it, the file is
decrypted and saved in /tmp, and the permissions on that file are:
-rw-r--r-- 1 mtudor users 348151 Sep 9 13:04 /tmp/network.pdf
This means world readable!
After I close the attachment, the temp file is still not deleted. It will be
deleted only when I close Thunderbird.
This means that if I keep my client opened for two days, for two days every user
on my computer can read my confidential document! If thunderbird crashes, the
file will be left in /tmp! This is an insecure design.
Why not save the document in $USER/.mozilla, or in $USER/tmp, or at least if
it's saved in /tmp, why not save it with -rw------- ?
Reproducible: Always
Steps to Reproduce:
1. On a PGP encrypted mail, double click on the attachment to open it
2. In the console, go to /tmp and check the permissions on that file
3. Close the document, and the temp file is still there
Actual Results:
the file is world readable
Expected Results:
the file should be saved in my $HOME/.mozilla, or in /tmp with the correct
permissions (not world readable)
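The permission problem in this report, as an added example (not part of the original bug, and not Thunderbird or Enigmail code): under the common umask 022 a file created with `fopen()` comes out 0644, while `open()` with `O_EXCL` and mode 0600 inside a `mkdtemp()` directory keeps the plaintext private. The `/tmp/attach-demo-XXXXXX` template, the helper names and the umask value are assumptions made for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of path, or -1 if it cannot be stat'ed. */
static int mode_of(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Weak: fopen() creates the file 0666 & ~umask, so 0644 under umask 022. */
static int save_default(const char *path, const char *data) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(data, f);
    fclose(f);
    return mode_of(path);
}

/* Hardened: 0600 requested at creation; O_EXCL refuses an existing name or symlink. */
static int save_private(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : mode_of(path);
}

/* which: 0 = weak file mode, 1 = hardened file mode, 2 = directory mode. */
int demo(int which) {
    char dir[] = "/tmp/attach-demo-XXXXXX", path[64];  /* constructed names */
    mode_t old = umask(022);              /* model the common default umask */
    int result = -1;
    if (mkdtemp(dir)) {                   /* per-user directory, created 0700 */
        snprintf(path, sizeof path, "%s/network.pdf", dir);
        result = which == 0 ? save_default(path, "decrypted bytes")
               : which == 1 ? save_private(path, "decrypted bytes") : mode_of(dir);
        unlink(path);                     /* remove the plaintext once done */
        rmdir(dir);
    }
    umask(old);
    return result;
}

int main(void) {
    printf("fopen: %04o  open(0600): %04o  dir: %04o\n", demo(0), demo(1), demo(2));
}
```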
Comment 1•20 years ago
I don't believe Thunderbird handles PGP, do you have extensions installed such
as Enigmail? If so the bug is more likely there and should be reported to the
extension author (http://enigmail.mozdev.org/bugs.html for Enigmail).
The extension is likely just using default tmp settings (and world readable
would seem to be a problem there, too), but an encryption program needs to take
more care than just relying on defaults.
Whiteboard: [sg:needinfo]
Comment 2•20 years ago (Reporter)
I was under the impression that enigmail is "under the umbrella" of the mozilla
team, that's why I report it here. It seems that I was wrong. Thank you for your
attention, and I'll go bother someone else :)
Comment 3•20 years ago
mozdev.org is certainly part of the mozilla community, but it works best to file
bugs where the appropriate developers will be looking :-) Scott's swamped with
his own Thunderbird work, he's not going to have time to fix bugs in someone
else's code.
If for some reason fixing the Enigmail bug requires changes in core Mozilla then
the Enigmail developers can file a very specific Mozilla bug detailing what they
need at the low level.
I'll leave the confidential flag until the Enigmail folks decide what to do.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Summary: GPG encrypted attachments saved in /tmp, world readable! → Enigmail: GPG encrypted attachments saved in /tmp, world readable!
Whiteboard: [sg:needinfo] → [sg:needinfo] Enigmail -- keep flagged for now
Comment 4•20 years ago (Reporter)
I reported the bug already to the Enigmail team.
Comment 5•20 years ago (Reporter)
And since we are at this subject, mozilla mail saves ANY attachment in /tmp,
world readable, when you open it. Maybe save them in $HOME/.mozilla, or use
appropriate permissions (not world readable) ?
It still seems like a weak design, though .... But that is a different story
(maybe a new bug opened) ?
Comment 6•20 years ago
Looks like that's already been previously reported, bug 251297. I cc'd you on
that bug.