Trash spec and permission checks
David Faure
faure at kde.org
Sat Sep 19 08:25:52 PDT 2015
http://standards.freedesktop.org/trash-spec/trashspec-1.0.html
doesn't say that implementations should check ownership and permission
of $topdir/.Trash/$uid
It says however that .Trash is writable for all users, obviously.
So if I'm uid 1000, I could create $topdir/.Trash/1001 and make it world-readable,
and this way read all the files that user 1001 is trashing?
These files might be 0770, but that other user didn't think I would ever be able
to read them because he put them inside a 0700 directory.
It sounds to me like the spec should mandate checking that $topdir/.Trash/$uid
is owned by $uid and is 0700.
Of course a further complication is that FAT, NTFS and SMB don't support such
permissions, so such a requirement would break trashing on such filesystems,
but of course there the users have no such expectation anyway. So we could say
"if the filesystem supports permissions, then check for 0700 and $uid".
--
David Faure, faure at kde.org, http://www.davidfaure.fr
Working on KDE Frameworks 5
More information about the xdg
mailing list