Re: [Usability]Nautilus preferences proposal
- From: Alex Larsson <alexl redhat com>
- To: Maciej Stachowiak <mjs noisehavoc org>
- Cc: Dave Bordoley <bordoley msu edu>, <nautilus-list gnome org>
- Subject: Re: [Usability]Nautilus preferences proposal
- Date: Sun, 28 Apr 2002 15:23:40 -0400 (EDT)
On Sun, 28 Apr 2002, Maciej Stachowiak wrote:
> On 27Apr2002 09:15PM (-0400), Dave Bordoley wrote:
> >
> > 5. speed tradeoffs: i actually like this one, except what the hell does
> > "Make folder appearances Details public" mean, i have no clue what this
> > preference does, but if it does anything useful well it should be
> > renamed.
>
> This preference controls whether an item's metadata is stored in the
> item's directory or in your home directory. The label is trying to
> explain the end-user effect (will other people be able to see settings
> of yours like icon positions and custom icons) but ends up being too
> vague I think.
Unfortunately there are some security issues with this preference. First
of all it requires world writable metadata files, and world writable files
are never good. Second if means that Nautilus will trust any metadata file
it can read, and I can not guarantee that the code that reads metadata is
secure. I'm pretty sure it can be used as a DoS, and possibly can be used
for a worse attack.
We should at least make this option off by default, and possibly even
remove it, unless someone is willing to audit all the metadata file code.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl redhat com alla lysator liu se
He's a shy playboy sorceror on a mission from God. She's a plucky
hypochondriac nun fleeing from a Satanic cult. They fight crime!
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
