Community-edition: Services don't get deleted properly (security issue)

Created on 26 Apr 2017 · 14Comments · Source: ramboxapp/community-edition

Steps to reproduce

Create a service
Delete service from configuration
(for windows) look in %APPDATA%RamboxPartitions for service

Expected behavior

If a service is deleted, it should be deleted for good.

Actual behavior

The deleted service does not become deleted on disk.
If you delete a service and re-create the same service, you could instantly access it because e.g. cookies aren't deleted (worked with tweetdeck for example).
This is a potential security issue!

ENVIRONMENT

Rambox: v0.5.3
OS: Windows 10 Pro Version 1607 Build 14393.576
Arch: x64

electron-bug-assumption help wanted

Source

ghost

👍5

Most helpful comment

It is not fixed! Please reopen!

MurzNN on 28 Feb 2019

👍4

All 14 comments

You've the same behaviour on macOS Sierra 10.12.4 (16E195) under "~/Library/Application Support/Rambox/Partitions".

Version: 0.5.3
Platform: darwin (x64)
Electron: 1.4.15
Chromium: 53.0.2785.143
Node: 6.5.0

timorunge on 26 Apr 2017

@timorunge thx!

Oh, by the way, "clear local storage" won't delete those either.

ghost on 26 Apr 2017

I will take a look on this, it's an important issue. Thanks guys.

saenzramiro on 7 Jun 2017

👍2

Seems like Electron doesn't have the ability to remove that folder, instead you can clear all the data inside it like cache, local storage, history, etc.

We can improve the folder deletion in a future release.

saenzramiro on 2 Oct 2017

Is there a way to know which folder belongs to which (configured) service? For example, I have a bunch of custom_* services, but I don't know which one is the correct one. Also, I have two gmail_* folders, but only one configured in Rambox itself.

ghost on 5 Oct 2017

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] on 21 Dec 2018

Problem is still here!

MurzNN on 22 Dec 2018

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] on 20 Feb 2019

This issue has been automatically closed since there has not been any recent activity. Please open a new issue for related bugs.

stale[bot] on 27 Feb 2019

👎2

It is not fixed! Please reopen!

MurzNN on 28 Feb 2019

👍4

Can confirm that the issue persists from another angle.

Did a little cleanup before migrating to a new machine and noticed 2 GB worth of data stored in .config/Rambox/Partitions.

Going via

Help > Tools > Clear Cache
Help > Tools > Clear Local Storage

leaves me with all previously set up services gone and still 2 GB of data sitting around in .config/Rambox/Partitions :-(

Using
Version: 0.6.3
Platform: linux (x64)
Electron: 2.0.14
Chromium: 61.0.3163.100
Node: 8.9.3

hussong on 10 Mar 2019

Hi.

I was working on this issue but it seems out of my reach. I keep getting "Resource busy or locked" when I try to remove the just-removed service's partition folder. Looks like Rambox process is still "using" those files after removing the service.
Also tryed to update electron to v5 to see if they made any improvements with "clear" methods of session. Several errors occurred in Rambox, so I withdrawed that. If someone wants to follow this aproach, be my guest.

I created "delete-partition-folder" branch. See e7046484a0dc0e1bd63d0b2fa1c33919725aeb14 where I added the fse.remove() method (which should delete directories and files recursively).

If anyone has any idea on how to fix this, we'll apreciate it. Feel free to commit to this branch and/or make a PR.

Bye.