*security?* Re: Trash spec 0.2, technical questions

Alexander Larsson alexl at redhat.com
Tue Aug 31 09:58:06 EEST 2004


On Tue, 2004-08-31 at 06:20, Jerry Haltom wrote:
> The spec currently says the "info" file may have an absolute character for
> the original path name. I would say this is BAD.
> 
> First off, different systems may have the same remote file system mounted
> at different places... even the same user might. Such as accessing his
> files from home.
> 
> ** security thing **
> Additionally, it places extra burden on the undelete command to verify
> that the absolute path is within the original file system, so that it does
> not undelete malicious info entries into the wrong location.

How would you verify that?

> I would vote for the original path to be defined as "a relative path from
> the parent directory of the .Trash directory which cannot contain .."'s

But that makes it impossible to trash many files. See previous
discussion of symlinks and what can be put in ~/.Trash.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl at redhat.com    alla at lysator.liu.se 
He's a notorious moralistic jungle king living undercover at Ringling Bros. 
Circus. She's an artistic wisecracking bodyguard with a birthmark shaped like 
Liberty's torch. They fight crime! 
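The verification Jerry calls for, and Alexander asks how to do, as an added example that is not code from this thread or from any trash implementation: given the top directory of the filesystem that holds a `.Trash` directory (my assumption for where the trash lives, not something the message states) and the original path stored in an info file, it resolves symlinks and rejects a restore target that would land outside that directory or on another filesystem, and it checks Jerry's proposed relative form for `..` components. The helper names, the `demo()` tree and its sample paths are constructed for illustration.

```python
import os
import tempfile


def relative_path_is_safe(rel):
    """Jerry's proposed rule: the stored path is relative to the parent of
    .Trash, so it must not be absolute and must not contain a '..' component."""
    if not rel or rel.startswith("/"):
        return False
    return ".." not in rel.split("/")


def nearest_existing_ancestor(path):
    """Walk up from a (possibly not yet existing) path to the first component
    that exists on disk, so its st_dev can be inspected."""
    probe = path
    while not os.path.exists(probe):
        parent = os.path.dirname(probe)
        if parent == probe:          # reached the root without finding anything
            return None
        probe = parent
    return probe


def restore_target_allowed(topdir, target):
    """Decide whether an absolute original path from an info file may be
    restored under `topdir` (the directory containing .Trash).

    Two checks: after symlink resolution the target must lie strictly under
    `topdir`, and the directory it would be created in must be on the same
    filesystem (same st_dev) as `topdir`. Returns (allowed, reason)."""
    top = os.path.realpath(topdir)
    resolved = os.path.realpath(target)     # collapses '..' and follows links
    if resolved == top or os.path.commonpath([top, resolved]) != top:
        return False, "target escapes the trash's top directory"
    anchor = nearest_existing_ancestor(resolved)
    if anchor is None or os.stat(anchor).st_dev != os.stat(top).st_dev:
        return False, "target is on a different filesystem"
    return True, "ok"


def demo():
    """Build a constructed directory tree and run the checks against it."""
    results = {}
    with tempfile.TemporaryDirectory() as topdir, \
            tempfile.TemporaryDirectory() as elsewhere:
        os.mkdir(os.path.join(topdir, ".Trash"))
        os.mkdir(os.path.join(topdir, "docs"))
        # constructed: a symlink inside topdir whose target is outside it
        os.symlink(elsewhere, os.path.join(topdir, "link"))

        inside = os.path.join(topdir, "docs", "report.txt")
        via_link = os.path.join(topdir, "link", "report.txt")
        dotdot = os.path.join(topdir, "docs", "..", "..", "report.txt")

        results["inside"] = restore_target_allowed(topdir, inside)[0]
        results["via_symlink"] = restore_target_allowed(topdir, via_link)[0]
        results["dotdot"] = restore_target_allowed(topdir, dotdot)[0]
        results["rel_ok"] = relative_path_is_safe("docs/report.txt")
        results["rel_bad"] = relative_path_is_safe("../report.txt")
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'rejected'}")
```

The check is a point-in-time decision: a symlink created between the check and the actual rename would not be caught, so a real undelete would perform the move with the directory already opened and use `renameat`-style calls relative to that descriptor rather than re-walking the path. It also does not answer Alexander's objection that such a rule excludes files reached through symlinks from ever being trashed.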