Patch for 46475: Users may expose files from private folders by 'Move to Trash'

I've added a simple patch to:

It always uses 0700 permissions for trash directories other than
~/.Trash. That stops other users from seeing the files, I hope.
(Of course, I should use S_IRWXU rather than 0700.)

I'm a little worried that since other users may have write access to the
parent of the trash directories then they may be able to rename, delete
or read the trash files in some way. (I'm not a filesystem security

If the sticky bit is set on the parent directory, that may stop people
deleting other people's trash folders. But I'm not sure if that is
totally secure. And it needs to be documented.

It also seems a bit odd to place these directories in the root directory
of the device. It means this directory has to be writable by all, or
people can't create trash folders. But would sysadmins be happy to make
the root directory writable by everyone?
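As an added example, not the patch from this message and not the project's own code, the routine below shows the defensive checks the questions above call for: it creates the trash directory with S_IRWXU, refuses a symlink or a directory owned by someone else at that path, tightens a pre-existing directory that was left too open, and treats a world-writable parent as acceptable only when its sticky bit is set. The path names and the `.Trash-demo` directory name are constructed for illustration.

```c
/* Added example: create and verify a per-user trash directory.
 * Not the patch under discussion; paths and names here are constructed. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum trash_status {
    TRASH_OK = 0,
    TRASH_ERR_MKDIR,       /* mkdir failed for a reason other than EEXIST */
    TRASH_ERR_NOT_DIR,     /* path exists but is a symlink or not a directory */
    TRASH_ERR_WRONG_OWNER, /* directory is owned by another user */
    TRASH_ERR_PERMS,       /* could not strip group/other permission bits */
    TRASH_ERR_PARENT       /* parent is writable by others and lacks the sticky bit */
};

/* A parent writable by others must carry the sticky bit, otherwise any user
 * could rename or unlink the trash directory created beneath it. */
static int parent_is_safe(const char *parent)
{
    struct stat st;
    if (stat(parent, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    if ((st.st_mode & (S_IWGRP | S_IWOTH)) && !(st.st_mode & S_ISVTX))
        return 0;
    return 1;
}

enum trash_status ensure_private_trash_dir(const char *parent, const char *path)
{
    struct stat st;

    if (!parent_is_safe(parent))
        return TRASH_ERR_PARENT;
    /* Owner-only mode; the umask can only clear bits, never add them. */
    if (mkdir(path, S_IRWXU) != 0 && errno != EEXIST)
        return TRASH_ERR_MKDIR;
    /* lstat: a symlink planted at this path must not be followed. */
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return TRASH_ERR_NOT_DIR;
    if (st.st_uid != getuid())
        return TRASH_ERR_WRONG_OWNER;
    /* An existing directory may be looser than S_IRWXU; tighten it. */
    if ((st.st_mode & (S_IRWXG | S_IRWXO)) && chmod(path, S_IRWXU) != 0)
        return TRASH_ERR_PERMS;
    return TRASH_OK;
}

/* Exercise the checks in a throw-away directory under /tmp.
 * Returns the number of scenarios that did not behave as expected. */
int self_check(void)
{
    char parent[] = "/tmp/trash-demo-XXXXXX";
    char path[64], sub[64];
    struct stat st;
    int fails = 0;

    if (mkdtemp(parent) == NULL)          /* 0700, owned by us */
        return 1;
    snprintf(path, sizeof path, "%s/.Trash-demo", parent);

    /* 1. fresh directory under a private parent ends up owner-only */
    fails += ensure_private_trash_dir(parent, path) != TRASH_OK;
    fails += lstat(path, &st) != 0 || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0;

    /* 2. a pre-existing directory left at 0755 is tightened back to S_IRWXU */
    chmod(path, 0755);
    fails += ensure_private_trash_dir(parent, path) != TRASH_OK;
    fails += lstat(path, &st) != 0 || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0;
    rmdir(path);

    /* 3. a regular file squatting on the trash path is rejected */
    close(open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR));
    fails += ensure_private_trash_dir(parent, path) != TRASH_ERR_NOT_DIR;
    unlink(path);

    /* 4. world-writable parent with the sticky bit (like /tmp) is accepted */
    snprintf(sub, sizeof sub, "%s/sticky", parent);
    mkdir(sub, S_IRWXU);
    chmod(sub, 01777);
    snprintf(path, sizeof path, "%s/.Trash-demo", sub);
    fails += ensure_private_trash_dir(sub, path) != TRASH_OK;
    rmdir(path);

    /* 5. the same parent without the sticky bit is refused */
    chmod(sub, 0777);
    fails += ensure_private_trash_dir(sub, path) != TRASH_ERR_PARENT;
    rmdir(sub);
    rmdir(parent);
    return fails;
}

int main(void)
{
    int fails = self_check();
    printf("%d scenario(s) failed\n", fails);
    return fails != 0;
}
```

The lstat after mkdir is what catches a symlink placed at the trash path before the call: mkdir then fails with EEXIST, lstat reports the link rather than its target, and the routine refuses to use it. The sticky-bit test covers the case raised above where the parent must be writable by everyone; it does not by itself protect against a parent that is writable by others and lacks the bit, which is why that case is reported as an error rather than silently accepted.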
