Re: [Usability]Nautilus preferences proposal

From: Alex Larsson <alexl redhat com>
To: Maciej Stachowiak <mjs noisehavoc org>
Cc: nautilus-list gnome org
Subject: Re: [Usability]Nautilus preferences proposal
Date: Sun, 28 Apr 2002 21:25:22 -0400 (EDT)

On Sun, 28 Apr 2002, Maciej Stachowiak wrote:

> On 28Apr2002 03:23PM (-0400), Alex Larsson wrote:
> > 
> > Unfortunately there are some security issues with this preference. First 
> > of all it requires world writable metadata files, and world writable files 
> > are never good.
> 
> I'm pretty sure it doesn't require world-writable files. If you can't
> write to the shared location, the metafile goes in your home directory
> if you make changes.

If I switch to manual layout in /tmp Nautilus creates a world writable 
.nautilus-metadata. And it has to, if anyone else are supposed to be able 
to change the metadata. This is true even for my homedir.

> > Second if means that Nautilus will trust any metadata file 
> > it can read, and I can not guarantee that the code that reads metadata is 
> > secure. I'm pretty sure it can be used as a DoS, and possibly can be used 
> > for a worse attack.
> 
> That might be true. However, I'm not sure why reading a metafile that
> comes from a strange filesystem is inherently more of a risk than
> reading a text file (the text viewer code hasn't been audited
> either). I suppose most users consider browsing directories to be less
> risky than opening files.

The same thing could be said about reading thumbnails, or even 
thumbnailing images. But the metadata file is more complicated, and 
therefore easier to attack. An easy DoS is probably to set /dev/zero as a 
custom icon for a file. I won't go into more details on what else could be 
done.

> > We should at least make this option off by default, and possibly even 
> > remove it, unless someone is willing to audit all the metadata file code.
> 
> You may be right that it's good to put it off by default.

I think so.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl redhat com    alla lysator liu se 
He's a deeply religious misogynist sorceror who hides his scarred face behind 
a mask. She's a violent antique-collecting college professor with only herself 
to blame. They fight crime!

References:
- Re: [Usability]Nautilus preferences proposal
  - From: Maciej Stachowiak

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]