Re: [Usability]Nautilus preferences proposal

On 28Apr2002 03:23PM (-0400), Alex Larsson wrote:
> Unfortunately there are some security issues with this preference. First 
> of all it requires world writable metadata files, and world writable files 
> are never good.

I'm pretty sure it doesn't require world-writable files. If you can't
write to the shared location, the metafile goes in your home directory
if you make changes.

> Second it means that Nautilus will trust any metadata file 
> it can read, and I can not guarantee that the code that reads metadata is 
> secure. I'm pretty sure it can be used as a DoS, and possibly can be used 
> for a worse attack.

That might be true. However, I'm not sure why reading a metafile that
comes from a strange filesystem is inherently more of a risk than
reading a text file (the text viewer code hasn't been audited
either). I suppose most users consider browsing directories to be less
risky than opening files.

> We should at least make this option off by default, and possibly even 
> remove it, unless someone is willing to audit all the metadata file code.

You may be right that it's good to put it off by default.

 - Maciej

