As the discussion about this was going on for 8 years in the mozilla community, I suggest to at least set permissions right in the distros.
For the moment, there is only one path (which is /tmp) and there is only the original name used. That said, concurrent users could overwrite their temporary files to each other. Setting permissions right would avoid that in addition to solving the security problem. And it's still better than allowing users to overwrite files of other users to avoid error messages. Plus, privacy is an issue here as users can read private files of other users. On single user systems, there might not be a noticable change to users. So, what should it break? It's still not a perfect concept but a big improvement in terms of security. The rest can be done later in a nice fashion. After setting permissions right in the distros you can still wait another 8 years and see which solution mozilla community came up with. Possible we see an importance change to 'high' in between (say 4 years or so). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401454 Title: Thunderbird writes attachments to /tmp readable to everyone To manage notifications about this bug go to: https://bugs.launchpad.net/thunderbird/+bug/1401454/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
