You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Today I've received the following bug (also available online here):
Dear Maintainer,
What led up to the situation?
If one enables deleting temp files of the flash-plugin then also the config-file of the flash-plugin gets deleted.
What exactly did you do (or not do) that was effective (or ineffective)?
I had enabled deleting of the undesired flash files (cookies, tmp files etc.)
What was the outcome of this action?
It deleted also the (binary) config file: ~/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/settings.sol
What outcome did you expect instead?
It should not delete that file, because that is a config file, and if it is not existent, then the defaults apply, and that leads to severe security issues, because if one had tightened the security of the flash-plugin, then these security settings will silently be gone by deleting the said file. So, the said file should be not deleted by this otherwise useful program.
Please, notice that this bug have been reported against bleachbit's version 1.4, currently available on Debian Jessie.
I haven't reproduced this bug on later versions (lack of time, sorry). I've decided to directly forward the bug since it may be a security issue.
Thanks for your work,
Hugo
The text was updated successfully, but these errors were encountered:
Hi,
I'm bleachbit's Debian Maintainer.
Today I've received the following bug (also available online here):
Dear Maintainer,
If one enables deleting temp files of the flash-plugin then also the config-file of the flash-plugin gets deleted.
I had enabled deleting of the undesired flash files (cookies, tmp files etc.)
It deleted also the (binary) config file:
~/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/settings.sol
It should not delete that file, because that is a config file, and if it is not existent, then the defaults apply, and that leads to severe security issues, because if one had tightened the security of the flash-plugin, then these security settings will silently be gone by deleting the said file. So, the said file should be not deleted by this otherwise useful program.
Please, notice that this bug have been reported against bleachbit's version 1.4, currently available on Debian Jessie.
I haven't reproduced this bug on later versions (lack of time, sorry). I've decided to directly forward the bug since it may be a security issue.
Thanks for your work,
Hugo
The text was updated successfully, but these errors were encountered: