Overview

When preparing the {TEMP_DATABASE} path, remote sync uses the default temp directory from QDir which isn't ideal on Linux. Moreover it only prepares a possibly unique name in the path and doesn't check if it exists prior to using it.

Expected Behavior

We should use QStandardPaths::writableLocation(QStandardPaths::RuntimeLocation) if it's available as it's usually a tmpfs that already has strict permissions making it ephemeral and more secure than /tmp which is what it currently ends up using.

Additionally it should create a unique directory in there with strict permissions and use that as the root for {TEMP_DATABASE}. After the sync is done that whole path should be recursively removed so regardless what the sync command did in that path nothing is left behind. This ensures that even if on non-Linux (or no systemd) the temp directory is world readable and persistent, KeePassXC crashing or failing somehow would only leave a directory behind that is inaccessible by other users.

Actual Behavior

On Linux, /tmp is used as the root, existence of the generated temp name is not checked and due to the unfortunate fact of using /tmp as the root the files can be world readable.

Context

#10842