GNOME Bugzilla – Bug 396479
Preview mode: files are not unlink'ed
Last modified: 2007-01-14 15:43:50 UTC
When using evince as preview application for Gtk+-2.10, the input file will be in the temp folder. When evince is closed, this file is not erased.

This is a *critical* security risk. As an example, consider an email client (MUA) which decrypts a PGP encrypted message. It now uses evince to preview the message printout. When the MUA is terminated, the user will of course assume that none of h(is|er) confidential data is leaked, but there is still a pretty formatted file in the temp folder, readable for root.

Therefore, in preview mode, evince *must* at least erase the file from the temp folder. It might be a good idea to safely erase the contents (as e.g. shred(1) does, or using a more secure algorithm). This is effectual on non-journaled file systems only, though.
Thanks for the bug report. This particular bug has already been reported into our bug tracking system, but please feel free to report any further bugs you find.

*** This bug has been marked as a duplicate of 365282 ***
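The minimum the report asks for, removing the preview input from the temp folder, can be done by a viewer as soon as it has the file open. The following is an added example, not code from evince or Gtk+; the function names, the /tmp path template and the sample text are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open the preview input, then remove its name at once.
 * The data stays readable through the returned descriptor and the blocks are
 * freed when it is closed, even if the viewer crashes. Returns -1 on error. */
int preview_open_and_unlink(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Only consume a regular file that belongs to the current user. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid() ||
        unlink(path) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Self-check on a constructed sample file; returns 0 when the name is gone
 * but the content is still readable through the descriptor. */
int preview_selftest(void)
{
    static const char sample[] = "constructed sample: decrypted message\n";
    char path[] = "/tmp/preview-XXXXXX";
    char buf[sizeof sample] = {0};
    int ok, fd = mkstemp(path);          /* stands in for the print job file */
    if (fd < 0)
        return -1;
    ok = write(fd, sample, sizeof sample - 1) == (ssize_t)(sizeof sample - 1);
    close(fd);
    if (!ok) { unlink(path); return -1; }

    fd = preview_open_and_unlink(path);
    if (fd < 0) { unlink(path); return -1; }
    ok = access(path, F_OK) != 0                       /* name is gone */
      && read(fd, buf, sizeof buf - 1) == (ssize_t)(sizeof sample - 1)
      && memcmp(buf, sample, sizeof sample - 1) == 0;  /* data still there */
    close(fd);
    return ok ? 0 : -1;
}
```

Unlinking only removes the directory entry; it does not overwrite the data blocks, which is the separate shred(1)-style step the report mentions.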