BUG: 383144
Details
- Reviewers
apol albertvaka - Group Reviewers
KDE Connect - Commits
- R224:7e7aa6df3fe5: Fix information leak via /tmp
Diff Detail
- Repository
- R224 KDE Connect
- Branch
- arcpatch-D7146
- Lint
No Linters Available - Unit
No Unit Test Coverage
plugins/notifications/notification.cpp | ||
---|---|---|
36 | Use QStandardPaths, this isn't portable. |
plugins/notifications/notification.cpp | ||
---|---|---|
37 | Are the icons reused over restarts? In that case a cache is what you want. | |
119 | Where is this file deleted? |
plugins/notifications/notification.cpp | ||
---|---|---|
117 | QUrl destinationUrl = QUrl::fromLocalPath(mIconPath); And drop the line below |
plugins/notifications/notification.cpp | ||
---|---|---|
69 | The file is created and filled with a FileTransferJob. Setting the file permission after the job has finished does not help privacy. Please set the permissions on the directory. |
Set strict permission on the tmp directory. This way each user needs his owm tmp directory or else only one user could use KDE Connect on a system,
because sharing the tmp folder as before will be impossible.