Closed Bug 264372 Opened 20 years ago Closed 20 years ago

Temporary files in /tmp are world-readable

Categories

(Firefox :: File Handling, defect)

Product:
Firefox
Component:
File Handling
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 251297

People

(Reporter: vogel, Assigned: bugs)

Details

(Whiteboard: [sg:dupe 251297]) 

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.3) Gecko/20040924
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041012 Firefox/0.10.1

Temporary files in /tmp, created e.g. by accessing files that need a 
helper application, are world-readable.  This is a security/privacy
issue, as these documents might contain data from protected web sites.


Reproducible: Always
Steps to Reproduce:
1. Click on any link to a PDF document.
2. In Download Manager, select "Open with" and "browse" to /usr/bin/xpdf
3.  Execute "ls -l /tmp" and look for the file just downloaded.


Actual Results:  
There is a file entry listed like this:
-rw-rw-r--    1 vogel    vogel    11833929 Oct 14 17:36 downloaded.pdf


Expected Results:  
Something like this:
-rw-------    1 vogel    vogel    11833929 Oct 14 17:36 downloaded.pdf
> -rw-------    1 vogel    vogel    11833929 Oct 14 17:36 downloaded.pdf

group-readable/writable?

It's only a problem for HTTPS/SSL sites. Everything else came unprotected over
the network anyways.
But not all users on a multi-user host can listen to all network traffic. So
it's clearly not limited to HTTPS sites.

We've got the same bug for mail attachments and we do want to fix that one. This
is probably a dupe since I suspect it's the uriloader/exthandler code causing
the problem.
Daniel, can you go ahead and dupe it then if you think it's appropriate? I can't
see the other bug you're talking about...
It seems like nsExternalAppHandler::ExecuteDesiredAction either shouldn't call
MoveFile or should call it in a way that doesn't call FixFilePermissions in the
helper app / use system default case.  FixFilePermissions (which uses the umask)
seems like something we want only for a user-chosen location.
Found it, bug 251297. That's written against mail, but it's been confirmed and
has more CC's.

*** This bug has been marked as a duplicate of 251297 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dupe 251297]
Group: security
You need to log in before you can comment on or make changes to this bug.