*security?* Re: Trash spec 0.2, technical questions

Jerry Haltom wasabi at larvalstage.net
Tue Aug 31 07:20:19 EEST 2004


The spec currently says the "info" file may have an absolute character for
the original path name. I would say this is BAD.

First off, different systems may have the same remote file system mounted
at different places... even the same user might. Such as accessing his
files from home.

** security thing **
Additionally, it places extra burden on the undelete command to verify
that the absolute path is within the original file system, so that it does
not undelete malicious info entries into the wrong location.

I would vote for the original path to be defined as "a relative path from
the parent directory of the .Trash directory which cannot contain '..'".
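
The check proposed above, as an added example that is not part of the original post or of the Trash spec: an undelete helper that accepts only relative original paths without ".." and resolves them against the parent of the .Trash directory. The names resolve_restore_path and UnsafeTrashPath are hypothetical, and the final symlink containment test goes beyond what the post asks for.

```python
import os


class UnsafeTrashPath(ValueError):
    """Raised when an info entry's original path must not be restored."""


def resolve_restore_path(trash_dir, original_path):
    """Return the absolute restore target for one info entry.

    trash_dir     -- path of the .Trash directory holding the entry
    original_path -- the original path recorded in the info file (untrusted)
    """
    if not original_path or "\0" in original_path:
        raise UnsafeTrashPath("empty path or NUL byte")
    if os.path.isabs(original_path):
        raise UnsafeTrashPath("absolute original path rejected")
    if ".." in original_path.split("/"):
        raise UnsafeTrashPath("'..' component rejected")

    # The base is the parent directory of .Trash, wherever it is mounted
    # on this machine; the info entry never gets to choose it.
    base = os.path.realpath(os.path.dirname(os.path.abspath(trash_dir)))
    target = os.path.realpath(os.path.join(base, original_path))

    # Added precaution (assumption, not in the post): a symlink inside the
    # base could still redirect the restore elsewhere, so require that the
    # resolved target stays under the base.
    if os.path.commonpath([base, target]) != base:
        raise UnsafeTrashPath("resolved path leaves the trash's parent directory")
    return target


if __name__ == "__main__":
    # Constructed sample entries for a trash at /mnt/usb/.Trash
    samples = ["photos/2004/cat.jpg", "/etc/cron.d/job", "photos/../../etc/passwd"]
    for entry in samples:
        try:
            print(entry, "->", resolve_restore_path("/mnt/usb/.Trash", entry))
        except UnsafeTrashPath as err:
            print(entry, "-> refused:", err)
```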





