Patchf for 46475: Users may expose files from private folders by 'Move to Trash'

From: Damon Chaplin <damon ximian com>
To: nautilus <nautilus-list eazel com>
Subject: Patchf for 46475: Users may expose files from private folders by 'Move to Trash'
Date: 06 Jun 2002 15:55:57 -0400

I've added a simple patch to:

   http://bugzilla.gnome.org/show_bug.cgi?id=46475


It always uses 0700 permissions for trash directories other than
~/.Trash. That stops other users from seeing the files, I hope.
(Of course, I should use S_IRWXU rather than 0700.)

I'm a little worried that since other users may have write access to the
parent of the trash directories then they may be able to rename, delete
or read the trash files in some way. (I'm not a filesystem security
expert.)

If the sticky bit is set on the parent directory, that may stop people
deleting other people's trash folders. But I'm not sure if that is
totally secure. And it needs to be documented.


It also seems a bit odd to place these directories in the root directory
of the device. It means this directory has to be writable by all, or
people can't create trash folders. But would sysadmins be happy to make
the root directory writable by everyone?

Damon

Follow-Ups:
- Re: Patchf for 46475: Users may expose files from private folders by 'Move to Trash'
  - From: Alexander Larsson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]