Bug#555955: xulrunner-1.9.1: cookies.sqlite not cleared using sqlite secure delete when private data cleared
Josh Triplett
josh at joshtriplett.org
Thu Nov 12 21:27:14 UTC 2009
On Thu, Nov 12, 2009 at 10:07:27PM +0100, Mike Hommey wrote:
> On Thu, Nov 12, 2009 at 12:46:28PM -0800, Josh Triplett wrote:
> > Package: xulrunner-1.9.1
> > Version: 1.9.1.4-1
> > Severity: important
> >
> > xulrunner now builds against sqlite with the secure deletion facility
> > available, and seems to securely delete data from places.sqlite when
> > using "Clear Recent History". However, it does not securely delete data
> > from cookies.sqlite.
> >
> > Steps to reproduce:
> >
> > 1) Either start from a new profile, or do a "Clear Recent History" with
> > time range "Everything" and at least the "Cookies" box checked
> > followed by running "sqlite3 cookies.sqlite vacuum"
> >
> > 2) Run "strings cookies.sqlite | grep -i google", and observe that no
> > results appear.
> >
> > 3) Open Iceweasel, and visit google.com. Close Iceweasel.
> >
> > 4) Run "strings cookies.sqlite | grep -i google", and observe that some
> > results appear, as expected.
> >
> > 5) Open Iceweasel. Do a "Clear Recent History" with time range
> > "Everything" and at least the "Cookies" box checked. Close
> > Iceweasel.
> >
> > 6) Run "strings cookies.sqlite | grep -i google", and observe that the
> > results from step 4 still appear, despite having cleared cookies.
>
> Did you try removing the cookies from the cookies interface?

After step 5 (clearing recent history), the cookies don't show up in the
cookies interface. And checking with the sqlite3 command-line utility
confirms that the moz_cookies table has no rows.
- Josh Triplett
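
The check from the reproduction steps can be run against a scratch database instead of a browser profile. This is an added example, not part of the original message and not xulrunner code: it sets SQLite's `PRAGMA secure_delete` explicitly on its own connection, and the file name, the table name `demo_cookies` and the marker value are constructed for the demonstration.

```python
import os
import sqlite3
import tempfile

# Constructed sample value standing in for cookie data.
MARKER = b"constructed-cookie-value-google"


def residue_after_clear(secure_delete: bool) -> bool:
    """Insert one cookie-like row, delete it, and report whether the
    deleted value is still present in the raw database file (the same
    question "strings cookies.sqlite | grep" answers in the report)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "cookies-demo.sqlite")
        # isolation_level=None: autocommit, so every statement reaches disk.
        con = sqlite3.connect(path, isolation_level=None)
        # secure_delete is a per-connection setting whose default depends on
        # how the library was built, so set it explicitly in both cases.
        mode = "ON" if secure_delete else "OFF"
        con.execute(f"PRAGMA secure_delete = {mode}")
        con.execute("CREATE TABLE demo_cookies (host TEXT, value TEXT)")
        con.execute(
            "INSERT INTO demo_cookies VALUES (?, ?)",
            ("example.test", MARKER.decode()),
        )
        con.execute("DELETE FROM demo_cookies")
        remaining = con.execute("SELECT COUNT(*) FROM demo_cookies").fetchone()[0]
        con.close()
        # The table is logically empty either way; only the raw bytes differ.
        if remaining != 0:
            raise RuntimeError("row was not deleted")
        with open(path, "rb") as f:
            return MARKER in f.read()


if __name__ == "__main__":
    for setting in (False, True):
        print(f"secure_delete={setting}: residue found = {residue_after_clear(setting)}")
```

An empty table together with a positive raw-byte match is the state the report describes for cookies.sqlite after step 5.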