Bug 573044 – text en/de-crypted with the plugin goes to xsession-errors.log

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 573044 - text en/de-crypted with the plugin goes to xsession-errors.log


Summary:	text en/de-crypted with the plugin goes to xsession-errors.log


Status:	RESOLVED FIXED

Product:	seahorse-plugins
Classification:	Applications
Component:	Gedit
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal major
Target Milestone:	2.24
Assigned To:	seahorse-plugins-maint
QA Contact:	seahorse-plugins-maint

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2009-02-25 00:18 UTC by Andreas Moog
Modified:	2009-02-25 04:21 UTC

See Also:
GNOME target:	---
GNOME version:	2.5/2.6

Description Andreas Moog 2009-02-25 00:18:49 UTC

Bug filed on Launchpad:
https://bugs.launchpad.net/bugs/307863

All texts processed by the seahorse plugin for gedit are silently sent to gedit's standard output. Consequently, when gedit is launched via a launcher or the applications menu, all texts processed by the plugin, including decrypted text, are sent to the ~/.xsession-errors log file which is by default world readable.
Any other user in the system is thus able to read the decrypted text until another session is restarted and the ~/.xsession-errors file is overwritten. Moreover, the decrypted text having been written to disk, it is remotely possible to recover it with a disk analysis, depending on the circumstances, all that without the user being aware of it.

Comment 1 Adam Schreiber 2009-02-25 04:21:04 UTC

Fixed.

2009-02-24  Adam Schreiber  <sadam@clemson.edu>

    * plugins/gedit/seahorse-gedit.c: Don't print replacement text to stderr.
    Fixes bug #573044