Thanks for the report! We should definitely fix this!
But I'm having trouble reproducing it. I tried backing up and restoring,
didn't see any /tmp files. I also wasn't sure whether you mean the
encryption passphrase or the password for a network server. So I did
both. Still didn't see any /tmp files.
(This was all with 37.1-2fakesync1ubuntu0.1 on Ubuntu 18.04.)
Can you explain what the steps are for you to get to the point where we
are storing the passphrase in /tmp in plaintext? Also, is the file you
see world-readable? (Just trying to get a sense of the severity)
** Changed in: deja-dup (Ubuntu)
Importance: Undecided => Critical
** Changed in: deja-dup (Ubuntu)
Status: New => Incomplete
--
https://bugs.launchpad.net/bugs/1814238
Title:
deja-dup saves passphrase in /tmp
Status in deja-dup package in Ubuntu:
Incomplete
Bug description:
I have unchecked the "save passphrase" option in deja-dup, but still I
have found the file /tmp/deja-dup-HXGLWZ that contains my passphrase
in the clear.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: deja-dup 37.1-2fakesync1
ProcVersionSignature: Ubuntu 4.15.0-43.46-generic 4.15.18
Uname: Linux 4.15.0-43-generic x86_64
NonfreeKernelModules: openafs
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Fri Feb 1 10:59:06 2019
SourcePackage: deja-dup
UpgradeStatus: No upgrade log present (probably fresh install)
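The severity question raised above (is the leftover file world-readable?) can be answered with a check like the following. This is an added example, not part of the original thread or of deja-dup itself; the function names classify_mode and audit_dir are hypothetical, the deja-dup-* pattern is taken from the file name in the bug description, and GNU stat (as shipped on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: report who can read leftover deja-dup temp files.
# Assumes GNU coreutils stat (-c format option).

# classify_mode MODE
#   MODE is an octal permission string as printed by `stat -c %a`
#   (for example 600 or 644). Prints the widest audience with read access.
classify_mode() {
    bits=$(( 0$1 ))                       # leading 0 makes the value octal
    if [ $(( bits & 0004 )) -ne 0 ]; then
        echo world-readable               # any local user can read it
    elif [ $(( bits & 0040 )) -ne 0 ]; then
        echo group-readable               # members of the file's group can read it
    else
        echo owner-only                   # only the owner (and root) can read it
    fi
}

# audit_dir [DIR]
#   Lists every deja-dup-* entry in DIR (default /tmp) as:
#   exposure <TAB> mode <TAB> owner <TAB> path
audit_dir() {
    dir=${1:-/tmp}
    found=0
    for f in "$dir"/deja-dup-*; do
        [ -e "$f" ] || continue           # glob matched nothing
        found=1
        mode=$(stat -c '%a' "$f")
        owner=$(stat -c '%U' "$f")
        printf '%s\t%s\t%s\t%s\n' \
            "$(classify_mode "$mode")" "$mode" "$owner" "$f"
    done
    [ "$found" -eq 1 ] || echo "no deja-dup-* files in $dir"
}

# Run against /tmp, or against the directory given as the first argument.
audit_dir "${1:-/tmp}"
```

The script reports permissions only and never opens the files, so its output can be pasted into the bug report without disclosing the passphrase.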