*security?* Re: Trash spec 0.2, technical questions
alexl at redhat.com
Tue Aug 31 09:58:06 EEST 2004
On Tue, 2004-08-31 at 06:20, Jerry Haltom wrote:
> The spec currently says the "info" file may have an absolute character for
> the original path name. I would say this is BAD.
> First off, different systems may have the same remote file system mounted
> at different places... even the same user might. Such as accessing his
> files from home.
> ** security thing **
> Additionally, it places extra burden on the undelete command to verify
> that the absolute path is within the original file system, so that it does
> not undelete malicious info entries into the wrong location.
How would you verify that?
> I would vote for the original path to be defined as "a relative path from
> the parent directory of the .Trash directory which cannot contain .."'s
But that makes it impossible to trash many files. See previous
discussion of symlinks and what can be put in ~/.Trash.
Alexander Larsson Red Hat, Inc
alexl at redhat.com alla at lysator.liu.se
He's a notorious moralistic jungle king living undercover at Ringling Bros.
Circus. She's an artistic wisecracking bodyguard with a birthmark shaped like
Liberty's torch. They fight crime!
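One way an undelete command could apply the checks discussed in this thread, as an added example that is not part of the original message or of the Trash spec: it refuses absolute paths and ".." components, then confirms the resolved parent directory stays under the directory containing .Trash and on the same file system. The names `resolve_restore_path`, `UnsafeTrashPath` and `demo` are hypothetical, the sample entries are constructed, and the trash directory is assumed to sit directly under the top directory it serves.

```python
import os
import tempfile

class UnsafeTrashPath(ValueError):
    """Recorded original path that must not be used as a restore target."""

def resolve_restore_path(trash_dir, recorded):
    """Return the restore target for `recorded`, or raise UnsafeTrashPath."""
    # Assumption: trash_dir sits directly under the top directory it serves.
    top = os.path.realpath(os.path.dirname(os.path.abspath(trash_dir)))
    if not recorded or os.path.isabs(recorded):
        raise UnsafeTrashPath("not a relative path: %r" % recorded)
    if ".." in recorded.split("/"):
        raise UnsafeTrashPath("contains '..': %r" % recorded)
    target = os.path.normpath(os.path.join(top, recorded))
    # Resolve symlinks in the directory part only; the final name is the
    # entry being recreated, so it is never followed.
    parent = os.path.realpath(os.path.dirname(target))
    if os.path.commonpath([top, parent]) != top:
        raise UnsafeTrashPath("leaves %s through a symlink" % top)
    # The nearest existing ancestor must be on the same file system as top.
    probe = parent
    while not os.path.exists(probe):
        probe = os.path.dirname(probe)
    if os.stat(probe).st_dev != os.stat(top).st_dev:
        raise UnsafeTrashPath("target is on another file system")
    return os.path.join(parent, os.path.basename(target))

def demo():
    """Check constructed sample entries against a temporary directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        top = os.path.join(root, "mnt")
        os.makedirs(os.path.join(top, ".Trash"))
        os.makedirs(os.path.join(top, "docs"))
        os.makedirs(os.path.join(root, "elsewhere"))
        os.symlink(os.path.join(root, "elsewhere"), os.path.join(top, "link"))
        samples = ("docs/report.txt", "/tmp/outside.txt", "docs/../../x", "link/x")
        for recorded in samples:
            try:
                path = resolve_restore_path(os.path.join(top, ".Trash"), recorded)
                results[recorded] = os.path.relpath(path, os.path.realpath(top))
            except UnsafeTrashPath:
                results[recorded] = "rejected"
    return results

if __name__ == "__main__":
    for recorded, outcome in demo().items():
        print("%-20s -> %s" % (recorded, outcome))
```

The lexical checks alone do not catch the symlink case, which is why the parent directory is resolved before the comparison.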