Re: [Usability]Nautilus preferences proposal

On Sun, 28 Apr 2002, Maciej Stachowiak wrote:

> On 27Apr2002 09:15PM (-0400), Dave Bordoley wrote:
> > 
> > 5. speed tradeoffs: i actually like this one, except what the hell does
> > "Make folder appearances Details public" mean, i have no clue what this
> > preference does, but if it does anything useful well it should be
> > renamed.
> This preference controls whether an item's metadata is stored in the
> item's directory or in your home directory. The label is trying to
> explain the end-user effect (will other people be able to see settings
> of yours like icon positions and custom icons) but ends up being too
> vague I think.

Unfortunately there are some security issues with this preference. First 
of all it requires world writable metadata files, and world writable files 
are never good. Second if means that Nautilus will trust any metadata file 
it can read, and I can not guarantee that the code that reads metadata is 
secure. I'm pretty sure it can be used as a DoS, and possibly can be used 
for a worse attack.

We should at least make this option off by default, and possibly even 
remove it, unless someone is willing to audit all the metadata file code.

 Alexander Larsson                                            Red Hat, Inc 
                   alexl redhat com    alla lysator liu se 
He's a shy playboy sorceror on a mission from God. She's a plucky 
hypochondriac nun fleeing from a Satanic cult. They fight crime! 

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]