Trash spec 0.4
Sean Middleditch
elanthis at awesomeplay.com
Thu Sep 9 17:00:59 EEST 2004
On Thu, 2004-09-09 at 12:48 +0200, David Faure wrote:
> On Thursday 09 September 2004 10:08, Alexander Larsson wrote:
> > > The system SHOULD only support absolute pathnames in the home
> > > trash directory, not in the directories under $topdir.
> >
> > Why is this?
>
> The idea was to avoid "trojan devices" which would be able to have
> fake trashed files which, when restored, would overwrite files in another partition.
> E.g. a /mnt/floppy/.Trash/$uid/info/foo.txt could contain Path=/home/someone/.profile,
> and restoring foo would try to overwrite the user's .profile...

So what about a "trojan" floppy that has a symlink on it?
Say, /mnt/floppy/foo points to /home/someone/.profile and the Path=foo?

Perhaps it's best to say that when restoring a file, it may only ever be
restored to the exact same device the trash is on? Following symlinks
is OK so long as they are not followed off the device.

--
Sean Middleditch <elanthis at awesomeplay.com>
AwesomePlay Productions, Inc.
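
The same-device rule proposed in the message above, written out in Python as an added example; it is not part of the original mail or of any trash implementation. The names `resolve_restore_target`, `RestoreRefused` and the `device_of` hook are hypothetical, and the demo layout and its two simulated devices are constructed.

```python
import os

class RestoreRefused(Exception):
    """Raised when a trashinfo Path= entry must not be honoured."""

def _device_of(path):
    return os.stat(path).st_dev  # st_dev identifies the filesystem holding path

def resolve_restore_target(topdir, trash_dir, info_path, device_of=_device_of):
    """Return the real path a file in $topdir's trash may be restored to, or raise."""
    # Quoted spec text: no absolute pathnames in trash directories under $topdir.
    if os.path.isabs(info_path):
        raise RestoreRefused("absolute Path= in a $topdir trash: %r" % info_path)
    # Resolve every symlink, including one planted as the final component.
    target = os.path.realpath(os.path.join(topdir, info_path))
    # The target may not exist yet, so stat its nearest existing ancestor.
    probe = target
    while not os.path.exists(probe):
        probe = os.path.dirname(probe)
    if device_of(probe) != device_of(trash_dir):
        raise RestoreRefused("%r resolves off the trash device" % info_path)
    return target

if __name__ == "__main__":
    import tempfile
    # Constructed layout: "floppy" holds the trash and a planted symlink "foo".
    base = os.path.realpath(tempfile.mkdtemp())
    floppy, home = os.path.join(base, "floppy"), os.path.join(base, "home")
    trash = os.path.join(floppy, ".Trash", "1000")
    os.makedirs(trash)
    os.makedirs(home)
    os.symlink(os.path.join(home, ".profile"), os.path.join(floppy, "foo"))

    # Both directories share one real filesystem here, so simulate two devices.
    def fake_device(path):
        return 2 if path.startswith(home) else 1

    for path in ("docs/a.txt", "foo"):
        try:
            print(path, "->", resolve_restore_target(floppy, trash, path, fake_device))
        except RestoreRefused as exc:
            print(path, "refused:", exc)
```

The check compares devices only, as the message proposes, so a symlink that stays on the trash's own filesystem is still followed.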