Re: [Usability]Nautilus preferences proposal

From: Maciej Stachowiak <mjs noisehavoc org>
To: Alex Larsson <alexl redhat com>
Cc: Maciej Stachowiak <mjs noisehavoc org>, Dave Bordoley <bordoley msu edu>, nautilus-list gnome org
Subject: Re: [Usability]Nautilus preferences proposal
Date: Sun, 28 Apr 2002 18:04:21 -0700

On 28Apr2002 03:23PM (-0400), Alex Larsson wrote:
> 
> Unfortunately there are some security issues with this preference. First 
> of all it requires world writable metadata files, and world writable files 
> are never good.

I'm pretty sure it doesn't require world-writable files. If you can't
write to the shared location, the metafile goes in your home directory
if you make changes.

> Second if means that Nautilus will trust any metadata file 
> it can read, and I can not guarantee that the code that reads metadata is 
> secure. I'm pretty sure it can be used as a DoS, and possibly can be used 
> for a worse attack.

That might be true. However, I'm not sure why reading a metafile that
comes from a strange filesystem is inherently more of a risk than
reading a text file (the text viewer code hasn't been audited
either). I suppose most users consider browsing directories to be less
risky than opening files.

> We should at least make this option off by default, and possibly even 
> remove it, unless someone is willing to audit all the metadata file code.

You may be right that it's good to put it off by default.

 - Maciej

Follow-Ups:
- Re: [Usability]Nautilus preferences proposal
  - From: Alex Larsson

References:
- Re: [Usability]Nautilus preferences proposal
  - From: Maciej Stachowiak
- Re: [Usability]Nautilus preferences proposal
  - From: Alex Larsson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]