[prev in list] [next in list] [prev in thread] [next in thread]
List: freedesktop-xdg
Subject: Re: Trash Spec updated
From: David Faure <dfaure () trolltech ! com>
Date: 2005-04-13 9:41:12
Message-ID: 200504131141.12935.dfaure () trolltech ! com
[Download RAW message or body]
On Tuesday 12 April 2005 19:29, Mikhail Ramendik wrote:
> Hello,
>
> A long-overdue update of the Trash Spec, with escaping of the deleted file's
> name, is now available at:
>
> http://www.ramendik.ru/docs/trashspec.html
>
> David: could you please look through this to see if this adequately reflects
> what is implemented in KDE 3.4?
Yep, looks OK to me.
What I found missing in the spec was the security considerations, i.e. the required
permissions on the trash directories. $topdir/.Trash-$uid and the "home trash directory"
both need to
- be owned by user
- be a directory
- not be a symlink
- have exactly 0700 permissions (rwx------)
The spec talks about the specs for $topdir/.Trash, but not for .Trash-$uid/ or .Trash/$uid/ itself.
(BTW even just after creating a trash dir, better check for this, since on e.g. USB keys
mounted with uid==root, the "owned by user" security check will fail)
--
David Faure, faure@kde.org, sponsored by Trolltech to work on KDE,
Konqueror (http://www.konqueror.org), and KOffice (http://www.koffice.org).
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic