Using Thunderbird 38.8.0 in Ubuntu 16.04, when I open a pdf I now get a -r-------- 1 thomas thomas 19K Jun 16 18:28 filename.pdf
So nobody can read the file, which is 95% of the security fix. The remaining 5% would be to not expose the file name to other users. That's exactly how it is done for Mozilla Firefox 47.0/Ubuntu 16.04: Firefox now uses a directory which is only accessible by the user: drwx------ 1 thomas thomas 1,9K Jun 16 18:08 mozilla_thomas0 Thereby, using Firefox, the file names of temporary files in the directory are no longer exposed to other users. Would be great to have the same behaviour in Thunderbird as well. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401454 Title: Thunderbird writes attachments to /tmp readable to everyone To manage notifications about this bug go to: https://bugs.launchpad.net/thunderbird/+bug/1401454/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
