Trash spec 0.4

David Faure dfaure at trolltech.com
Thu Sep 9 17:31:24 EEST 2004


On Thursday 09 September 2004 16:00, Sean Middleditch wrote:
> On Thu, 2004-09-09 at 12:48 +0200, David Faure wrote:
> > On Thursday 09 September 2004 10:08, Alexander Larsson wrote:
> 
> > > > The system SHOULD only support absolute pathnames in the home
> > > > trash directory, not in the directories under $topdir. 
> > > 
> > > Why is this? 
> > 
> > The idea was to avoid "trojan devices" which would be able to have
> > fake trashed files which, when restored, would overwrite files in another partition.
> > E.g. a /mnt/floppy/.Trash/$uid/info/foo.txt could contain Path=/home/someone/.profile,
> > and restoring foo would try to overwrite the user's .profile...
> 
> So what about a "trojan" floppy that has a symlink on it?
> Say, /mnt/floppy/foo points to /home/someone/.profile and the Path=foo ?

Then you'll restore it to /mnt/floppy/foo (overwriting the link), I don't see where the problem is.

Ah, you mean if foo is a symlink to a directory, not to a file? Like
a symlink foo pointing to $HOME and you have Path=foo/.profile.
Then following the symlink would indeed overwrite $HOME/.profile
(with a warning dialog first, of course).

> Perhaps it's best to say that when restoring a file, it may only ever be
> restored to the exact same device the trash is on?  Following symlinks
> is OK so long as they are not followed off the device.

Indeed (can be done by comparing st_rdev of source file and destination directory I guess)

-- 
David Faure, faure at kde.org, sponsored by Trolltech to work on KDE,
Konqueror (http://www.konqueror.org), and KOffice (http://www.koffice.org).
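
The same-device restore rule discussed in this thread, sketched as an added example that is not part of the original message or of any trash implementation. It compares st_dev, the stat field that identifies the filesystem holding a file (st_rdev describes device special files). The function and parameter names and the temporary directory layout are assumptions made for illustration.

```python
import os
import tempfile


def restore_target(topdir, trash_dir, path_value):
    """Return the path a trashed file may be restored to, or raise ValueError.

    Hypothetical parameters: topdir is the mount point, trash_dir its trash
    directory, path_value the Path= entry read from the info file.
    """
    # Trash directories under $topdir only accept relative Path= values.
    if os.path.isabs(path_value):
        raise ValueError("absolute Path= in a $topdir trash")
    dest = os.path.join(topdir, path_value)
    name = os.path.basename(dest)
    if name in ("", ".", ".."):
        raise ValueError("Path= does not name a file")
    # Resolve symlinks in the parent only; the final component is replaced,
    # not followed, so a link with the file's own name is simply overwritten.
    parent = os.path.realpath(os.path.dirname(dest))
    if not os.path.isdir(parent):
        raise ValueError("destination directory does not exist")
    # Same-device rule: the resolved directory must be on the trash's filesystem.
    if os.stat(parent).st_dev != os.stat(trash_dir).st_dev:
        raise ValueError("destination is on a different device than the trash")
    return os.path.join(parent, name)


def check(topdir, trash_dir, path_value):
    """Return 'ok: <path>' or 'refused: <reason>' for one Path= value."""
    try:
        return "ok: " + restore_target(topdir, trash_dir, path_value)
    except ValueError as exc:
        return "refused: " + str(exc)


if __name__ == "__main__":
    # Constructed layout standing in for a removable volume.
    top = os.path.realpath(tempfile.mkdtemp())
    trash = os.path.join(top, ".Trash", str(os.getuid()))
    os.makedirs(trash)
    os.makedirs(os.path.join(top, "docs"))
    os.symlink(os.path.join(top, "docs"), os.path.join(top, "foo"))  # stays on device
    os.symlink(os.path.expanduser("~"), os.path.join(top, "home"))   # may leave device
    for value in ("/home/someone/.profile", "foo/a.txt", "home/.profile"):
        print(value, "->", check(top, trash, value))
```

The check and the later move are separate steps, so a restore routine would repeat the st_dev comparison on the opened destination directory (fstat) right before writing.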


