This is not a good security and privacy practice to have users using the default file compression option on some files before sending them to others when those files contain the user's exact username and group name (not just UID=1000 and GID=1000).
Steps to reproduce:
1. Right click on a file or folder and choose "Compress...".
2. Use the default ".tar.gz" file type and create the archive file.
3. Run "tar -tvf" on the file and see how it saves the actual username and actual group name of those files.
Possible solutions:
1. If making file-roller use root:root instead would be too annoying due to some users wanting to save that file ownership information, why not make file-roller use UID=1000 and GID=1000 instead as a middle ground approach?
2. Perhaps an option to preserve ownership in the "Other options" section?
Thanks for reading!
[file-roller] Cinnamon's default "Compress..." option .tar.gz leaks usernames
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
[file-roller] Cinnamon's default "Compress..." option .tar.gz leaks usernames
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: [file-roller] Cinnamon's default "Compress..." option .tar.gz leaks usernames
Hello, Yfrwlf.
The citricized behaviour is actually a default feature of the .tar archive format.
A .tar.gz archive in the end is an uncompressed .tar archive, in the default format, in which the comand tar will create .tar archives. This .tar archive is then compressed by gzip, which gives you the final .tar.gz archive.
File-roller internally does precisely this, create the default .tar achive, which is then gzipped.
It is a valid point to discuss, whether the default .tar archive is secure or not.
The security aspect is a valid point for discussion.
Only the thread has been submitted in the wrong sub-forum. Will move it to "Chat about Linux", because .tar archives and .tar.gz archives are not specific to Linux Mint, but used widely on Linux systems.
And in quite a few cases, they are used precisely because they permit preserving user, group and access permissions from the source machine and restoring them on the target machine(s).
Best regards,
Karl
The citricized behaviour is actually a default feature of the .tar archive format.
A .tar.gz archive in the end is an uncompressed .tar archive, in the default format, in which the comand tar will create .tar archives. This .tar archive is then compressed by gzip, which gives you the final .tar.gz archive.
File-roller internally does precisely this, create the default .tar achive, which is then gzipped.
It is a valid point to discuss, whether the default .tar archive is secure or not.
- But is this a new idea or suggestion? - I do not think so. It is a valid point of discussion
- Is the potential problem of revealing one's own user and group name to a recipient really a problem?
- Is the behaviour of file-roller Cinnamon specific? - Definitely not. File-roller behaves in the same way on all systems, irrespective of the desktop environment.
The security aspect is a valid point for discussion.
Only the thread has been submitted in the wrong sub-forum. Will move it to "Chat about Linux", because .tar archives and .tar.gz archives are not specific to Linux Mint, but used widely on Linux systems.
And in quite a few cases, they are used precisely because they permit preserving user, group and access permissions from the source machine and restoring them on the target machine(s).
Best regards,
Karl
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 771 days now.
Lifeline
Re: [file-roller] Cinnamon's default "Compress..." option .tar.gz leaks usernames
Excellent points, Karl, thanks!karlchen wrote: ⤴Fri Apr 02, 2021 9:49 am Hello, Yfrwlf.
The citricized behaviour is actually a default feature of the .tar archive format.
A .tar.gz archive in the end is an uncompressed .tar archive, in the default format, in which the comand tar will create .tar archives. This .tar archive is then compressed by gzip, which gives you the final .tar.gz archive.
File-roller internally does precisely this, create the default .tar achive, which is then gzipped.
It is a valid point to discuss, whether the default .tar archive is secure or not.Again:
- But is this a new idea or suggestion? - I do not think so. It is a valid point of discussion
- Is the potential problem of revealing one's own user and group name to a recipient really a problem?
- Is the behaviour of file-roller Cinnamon specific? - Definitely not. File-roller behaves in the same way on all systems, irrespective of the desktop environment.
The security aspect is a valid point for discussion.
Only the thread has been submitted in the wrong sub-forum. Will move it to "Chat about Linux", because .tar archives and .tar.gz archives are not specific to Linux Mint, but used widely on Linux systems.
And in quite a few cases, they are used precisely because they permit preserving user, group and access permissions from the source machine and restoring them on the target machine(s).
Best regards,
Karl
Some pertinent questions to ask then would be what do users most often use file-roller for when they create file archives? For restoring machines and other situations in which they want to preserve ownership information, or for sending files to other users or businesses? If the latter, perhaps the default format should be zip, 7-zip, or some other format instead.