Public bug reported: Hello,
Not a Unix/Linux professional, I noticed /tmp in 10.10 has the rights:

drwxrwxrwt 12 root root 4096 2011-02-12 09:59 tmp/

The sticky bit is there to prevent a user from deleting another user's file. However, by nature of these rights, anyone can list the files in this folder, and e.g. Firefox stores the temporary pdfs at /tmp; therefore anyone can read the bank account name when you open an account file with an explicit name. Isn't that a privacy threat?

Why not make any user's tmp directory in /tmp/'$user' and forbid any user-loaded program to write in /tmp, leaving it accessible only for the system?

Even more, to allow efficiency of encrypting the home directory, it should just use ~/.tmp so that anything is anyway encrypted (even root couldn't decrypt without the user logged in, I believe), shouldn't it?

I understand there is a reason if it isn't done but I can't see...

Thanks for your clarification.
Bye

** Affects: ubuntu
Importance: Undecided
Status: New

https://bugs.launchpad.net/bugs/717622
Title: Anyone can list the files of /tmp
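The exposure described in the report and the per-user directory it proposes, as an added example that is not part of the original report. It works in a constructed sandbox directory set to the same drwxrwxrwt mode rather than the real /tmp; the function names and file names are hypothetical, and only classic POSIX permission bits are checked (no ACLs, no root override).

```python
import os
import stat
import tempfile


def dir_exposure(path):
    """Classify what users other than the owner can do with a directory."""
    mode = os.stat(path).st_mode
    return {
        "sticky": bool(mode & stat.S_ISVTX),        # only the owner may delete entries
        "others_list": bool(mode & stat.S_IROTH),   # others can read entry names
        "others_enter": bool(mode & stat.S_IXOTH),  # others can traverse into it
        "others_write": bool(mode & stat.S_IWOTH),  # others can create entries
    }


def audit(path):
    """Return (names others can enumerate, names whose contents others can read)."""
    exp = dir_exposure(path)
    if not exp["others_list"]:
        return [], []
    names, readable = [], []
    for entry in sorted(os.listdir(path)):
        names.append(entry)
        mode = os.lstat(os.path.join(path, entry)).st_mode
        if exp["others_enter"] and mode & stat.S_IROTH:
            readable.append(entry)
    return names, readable


def demo():
    # Constructed sandbox standing in for /tmp; the real /tmp is not touched.
    shared = tempfile.mkdtemp()
    os.chmod(shared, 0o1777)  # drwxrwxrwt, as in the report
    # A file saved straight into the shared directory, contents kept private.
    direct = os.path.join(shared, "bank-statement.pdf")  # constructed name
    with open(direct, "w") as f:
        f.write("sample")
    os.chmod(direct, 0o600)
    # Same kind of file inside a per-user directory; mkdtemp creates it 0700.
    private = tempfile.mkdtemp(prefix="user-", dir=shared)
    with open(os.path.join(private, "other-statement.pdf"), "w") as f:
        f.write("sample")
    return shared, private, audit(shared), audit(private)


if __name__ == "__main__":
    shared, private, top, inner = demo()
    print("names visible to others:", top[0], "| readable:", top[1])
    print("visible inside the private directory:", inner[0])
```

The 0600 file's name still shows up in the shared listing even though its contents are unreadable, while the file inside the 0700 directory exposes only the random directory name.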