A trash implementation MUST check if owner/group of the $topdir/.Trash is root?
Andrea Francia
andrea at andreafrancia.it
Wed Jan 7 16:32:22 PST 2009
2009/1/8 David Faure <dfaure at trolltech.com>:
> On Thursday 08 January 2009, Andrea Francia wrote:
> > The Trash Specs says that the $topdir/.Trash directory is created by the
> > administrator but it doesn't say if the implementations MUST or SHOULD
> > check this.
>
> In kio_trash I don't check the ownership of $topdir/.Trash, I don't
> think it matters much.
Ok thanks.
> As long as it has the sticky bit, is a dir, not a symlink, and is
> writable by the user, it seems ok to me. The privacy comes from the
> fact that the $uid subdir must be owned by the user, and must be 0700.
At present trash-cli does not check the mode and owner of $uid.
What should a trash implementation do if $uid is readable by others?
Disable the trashing operations?
What should the implementations do if $uid is writable by others?
Avoid restoring?
> But I agree with you, the "security checks" could be written out more
> clearly in the spec so that all implementations check exactly the same
> things.
Is there a bug tracker for the trash spec? This is not the first time
that we have talked about improvements to the spec.
If there is a bug tracker we could open an issue without the fear that it
gets lost.
--
Andrea Francia
http://andreafrancia.blogspot.com/
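As an added example (not code from this thread, from kio_trash or from trash-cli), here is a Python check that implements exactly the conditions David lists: $topdir/.Trash must be a real directory, not a symlink, with the sticky bit and writable by the user, and $topdir/.Trash/$uid must be owned by the user and be mode 0700. The function name and the temp-directory builder (which constructs sample data) are assumptions of this example.

```python
import os
import stat
import tempfile


def check_topdir_trash(topdir, uid=None):
    # Return a list of problems found in $topdir/.Trash and $topdir/.Trash/$uid
    # (the checks David describes). An empty list means everything passed.
    if uid is None:
        uid = os.getuid()
    problems = []
    trash = os.path.join(topdir, ".Trash")
    try:
        st = os.lstat(trash)  # lstat so a symlink is detected, not followed
    except FileNotFoundError:
        return ["%s does not exist" % trash]
    if stat.S_ISLNK(st.st_mode):
        return ["%s is a symlink" % trash]
    if not stat.S_ISDIR(st.st_mode):
        return ["%s is not a directory" % trash]
    if not st.st_mode & stat.S_ISVTX:
        problems.append("%s lacks the sticky bit" % trash)
    if not os.access(trash, os.W_OK):
        problems.append("%s is not writable by the user" % trash)
    user_dir = os.path.join(trash, str(uid))
    try:
        ust = os.lstat(user_dir)
    except FileNotFoundError:
        return problems  # $uid subdir not created yet: only the .Trash checks apply
    if stat.S_ISLNK(ust.st_mode) or not stat.S_ISDIR(ust.st_mode):
        problems.append("%s is not a plain directory" % user_dir)
        return problems
    if ust.st_uid != uid:
        problems.append("%s is not owned by uid %d" % (user_dir, uid))
    mode = stat.S_IMODE(ust.st_mode)
    if mode != 0o700:
        problems.append("%s has mode %04o, expected 0700" % (user_dir, mode))
    return problems


def make_sample(trash_mode=0o1777, uid_mode=0o700):
    # Build a constructed $topdir/.Trash/$uid hierarchy in a temp dir (sample data).
    topdir = tempfile.mkdtemp(prefix="topdir-")
    trash = os.path.join(topdir, ".Trash")
    os.mkdir(trash)
    os.chmod(trash, trash_mode)  # chmod after mkdir so the umask cannot strip bits
    user_dir = os.path.join(trash, str(os.getuid()))
    os.mkdir(user_dir)
    os.chmod(user_dir, uid_mode)
    return topdir
```

Note that, following David's answer, the owner of $topdir/.Trash itself is deliberately not checked.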
More information about the xdg mailing list