Comment 43 for bug 112684

Apologies for the discussion, will keep them in future to the forums.

The issue about photo persisting is a question of magnitude, as they are open already for a short time, so this is not a new break in security/privacy, but making it a little less. Those needing the patch (e.g. Thunderbird) would otherwise have to set a long time-out, leading to the same sort of exposure.

However, the System.IO.Directory.CreateDirectory() used to create the /tmp directories can, I believe, take a security descriptor as well. I don't know how this works in the Windows/LINUX cross over, but if we could chmod 700 the resulting directories they would be safe from reading by others, and as /tmp is normally created with the 'sticky bit' set, others cannot modify or delete your won directories.

How much it matters is debatable, for most it is probably a single-user machine, or family, and the default umask allows others to read your files/photos unless you specifically set permissions to block them. But setting the temp directories permissions correctly would be a good point in principle anyway.