On Thu, Nov 12, 2009 at 11:34:45PM +0100, Mike Hommey wrote: > On Thu, Nov 12, 2009 at 01:27:14PM -0800, Josh Triplett wrote: > > On Thu, Nov 12, 2009 at 10:07:27PM +0100, Mike Hommey wrote: > > > On Thu, Nov 12, 2009 at 12:46:28PM -0800, Josh Triplett wrote: > > > > Package: xulrunner-1.9.1 > > > > Version: 1.9.1.4-1 > > > > Severity: important > > > > > > > > xulrunner now builds against sqlite with the secure deletion facility > > > > available, and seems to securely delete data from places.sqlite when > > > > using "Clear Recent History". However, it does not securely delete data > > > > from cookies.sqlite. > > > > > > > > Steps to reproduce: > > > > > > > > 1) Either start from a new profile, or do a "Clear Recent History" with > > > > time range "Everything" and at least the "Cookies" box checked > > > > followed by running "sqlite3 cookies.sqlite vacuum" > > > > > > > > 2) Run "strings cookies.sqlite | grep -i google", and observe that no > > > > results appear. > > > > > > > > 3) Open Iceweasel, and visit google.com. Close Iceweasel. > > > > > > > > 4) Run "strings cookies.sqlite | grep -i google", and observe that some > > > > results appear, as expected. > > > > > > > > 5) Open Iceweasel. Do a "Clear Recent History" with time range > > > > "Everything" and at least the "Cookies" box checked. Close > > > > Iceweasel. > > > > > > > > 6) Run "strings cookies.sqlite | grep -i google", and observe that the > > > > results from step 4 still appear, despite having cleared cookies. > > > > > > Did you try removing the cookies from the cookies interface ? > > > > After step 5 (clearing recent history), the cookies don't show up in the > > cookies interface. And checking with the sqlite3 command-line utility > > confirms that the moz_cookies table has no rows. > > Yes, but there is a remove all cookies in the cookies list. If you do > that in a new profile with new cookies, are they properly "securely" > deleted ?
I just tested that, and no, that doesn't work either. Starting from no data in cookies.sqlite, I visited google.com, closed Iceweasel, confirmed that a couple of cookies appear in cookies.sqlite, opened Iceweasel, used "Remove all cookies", closed Iceweasel, and confirmed that the cookies still appear in cookies.sqlite even though moz_cookies has no rows. - Josh Triplett -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
