https://bugs.kde.org/show_bug.cgi?id=430270
Bug ID: 430270
Summary: directory-tree/file data stored for encrypted volumes
Product: dolphin
Version: unspecified
Platform: unspecified
OS: Linux
Status: REPORTED
Severity: grave
Priority: NOR
Component: general
Assignee: dolphin-bugs-n...@kde.org
Reporter: mic...@earthlink.net
CC: kfm-de...@kde.org
Target Milestone: ---
SUMMARY
Dolphin (KDE/OpenSuSE 15.1) seems to store directory paths (and maybe file
names) under the user's ~/.local directory. This is a security leak. For
instance, using KDE/Dolphin to navigate the directory tree in a VeraCrypt
volume records the directory structure and filenames.
STEPS TO REPRODUCE
1. Open VeraCrypt volume
2. Navigate directory tree and open some file in VC volume
3. Close/unmount Veracrypt volume
4. Use kfind to search for the VC file that was opened under Dolphin
4. Kfind will show a record of the location of that file under the VC volume
(in opensuse this is under ~/.local/share/)
5. = Major security breakage + permanent record
OBSERVED RESULT
Breaks security
EXPECTED RESULT
No security leaks - quick/temp solution: suggest a "wipe history" function for
Dolphin which does "rm" function (not "move-to-trash") for these records. This
could be a user-interface function similar to clipboard's "clear clipboard
history" function.
SOFTWARE/OS VERSIONS
Windows:
macOS:
Linux/KDE Plasma:
~> plasmashell --version
plasmashell 5.12.8
(available in About System)
KDE Plasma Version:
KDE Frameworks Version:
Qt Version:
ADDITIONAL INFORMATION
--
You are receiving this mail because:
You are watching all bug changes.
