I have reproduced this with an iPod in saucy.

Caused by this upstream commit:

http://cgit.sukimashita.com/libimobiledevice.git/commit/src?id=825da48d2e9c20086c4e34869da0b28376676b4c

I don't believe there's anything confidential in that directory though,
it seems to simply consist of the device's public key, which anyone can
pull off the device, and a set of user-specific generated keys for
communication.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libimobiledevice in Ubuntu.
https://bugs.launchpad.net/bugs/1164263

Title:
  user-specific and possible private files are written to a global
  location

Status in “libimobiledevice” package in Ubuntu:
  Confirmed

Bug description:
  $ dpkg -l libimobiledevic* | grep ^ii
  ii  libimobiledevice3                 1.1.4-1ubuntu6        amd64             Library for communicating with the iPhone and iPod Touch
  $ lsb_release -d
  Description:    Ubuntu Raring Ringtail (development branch)

  I just noticed the oddly-named "/tmp/root" on my machine.

  $ tree -a /tmp/root
  /tmp/root
  └── .config
      └── libimobiledevice
          ├── HostCertificate.pem
          ├── HostPrivateKey.pem
          ├── libimobiledevicerc
          ├── RootCertificate.pem
          └── RootPrivateKey.pem

  Given the names of some of the files and the fact they probably relate to my
  phone, I suspect they should not live here, and certainly not be
  world-readable, as they currently are:
  $ sudo -u nobody sha256sum /tmp/root/.config/libimobiledevice/*
  35df7500851f8b77e97da0d19b656233fa70e23933426bcce9c1860ad30d854c  /tmp/root/.config/libimobiledevice/HostCertificate.pem
  4a50a2982d2479d7f4cee23c41c93ba0d31bc97732d4d0accaa7e24d643003f1  /tmp/root/.config/libimobiledevice/HostPrivateKey.pem
  49bb734ce3a6ac0bf517738e8c13dfdd6281f66bd63e82355a1aa319fd94aa2c  /tmp/root/.config/libimobiledevice/libimobiledevicerc
  0753ad5f801544c927af58fa3521784246fe510ee3d7870863db736481e5b278  /tmp/root/.config/libimobiledevice/RootCertificate.pem
  aa1d53e80d7033e8ca27ea37b140a8bdb1ae6185371975360751377013131e03  /tmp/root/.config/libimobiledevice/RootPrivateKey.pem

  There are some files in $HOME/.config/libimobiledevice with similar
  names that date from October 10th 2012.
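
An added example, not part of the original bug report or of libimobiledevice: a Python check that audits a libimobiledevice config directory for the two conditions described above, private key files accessible to other users and a location under a world-writable directory. The function names, the `PrivateKey.pem` suffix match and the sample tree with placeholder contents are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

PRIVATE_SUFFIX = "PrivateKey.pem"  # assumption: matches HostPrivateKey.pem and RootPrivateKey.pem


def audit_key_dir(config_dir):
    """Return sorted (path, problem) findings for key material under config_dir."""
    findings = set()
    config_dir = os.path.abspath(config_dir)

    # A world-writable ancestor (for example /tmp) means the location is shared.
    parent = os.path.dirname(config_dir)
    while True:
        if os.stat(parent).st_mode & stat.S_IWOTH:
            findings.add((parent, "world-writable ancestor"))
        if os.path.dirname(parent) == parent:
            break
        parent = os.path.dirname(parent)

    for root, _dirs, files in os.walk(config_dir):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat so a symlink is reported, not followed
            if stat.S_ISLNK(st.st_mode):
                findings.add((path, "symlink in key directory"))
            elif name.endswith(PRIVATE_SUFFIX) and st.st_mode & 0o077:
                findings.add((path, "private key accessible to group/other"))
    return sorted(findings)


def build_sample_tree(base, key_mode):
    """Constructed sample mirroring the layout in the report (placeholder contents)."""
    cfg = os.path.join(base, "root", ".config", "libimobiledevice")
    os.makedirs(cfg)
    for name in ("HostCertificate.pem", "HostPrivateKey.pem", "libimobiledevicerc",
                 "RootCertificate.pem", "RootPrivateKey.pem"):
        path = os.path.join(cfg, name)
        with open(path, "w") as fh:
            fh.write("constructed placeholder\n")
        os.chmod(path, key_mode if name.endswith(PRIVATE_SUFFIX) else 0o644)
    return cfg


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, problem in audit_key_dir(build_sample_tree(tmp, 0o644)):
            print(f"{problem}: {path}")
```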
