Unifying ~/Desktop - security issues with ~/Trash
quinet at gamers.org
Thu Jun 13 09:36:42 BST 2002
On 11 Jun 2002 22:01:05 -0400, "Havoc Pennington" <hp at redhat.com> wrote:
> (If throw away a file, and it ends up in ~/Trash, then it's quite
> possible that moving it from its original location to ~/Trash changes
> the set of people that are able to or likely to see it, or changes
> whether the file is on a crypted filesystem, or perhaps moves the file
> from local storage onto my NFS-mounted home dir; all those are
> possible - though in my mind not very important - security issues.
This is not pure speculation because I have exactly this case here: I
have several machines on which some project directories containing
confidential documents are on (local) encrypted filesystems, while all
home directories and some non-confidential project directories are
NFS-mounted from several remote servers.
Although I do not use Nautilus (yet) on these machines, I would
certainly object to having a file manager that moves some deleted files
from an encrypted file system to an NFS-mounted home directory. The
confidential documents would suddenly become available on the remote
servers, even after the machine containing the original files (e.g., a
laptop) has been disconnected from the network. I would consider this
to be a serious security issue.
In addition, the NFS-mounted home directories have relatively low quota
limits, while the local filesystems have no quotas. Moving some large
files from a local filesystem (encrypted or not) to their home
directories could cause some users to exceed their quota or to come
close to their limit.
P.S.: Although I am not too concerned about that, I also expect some
problems if the filesystem from which the file is deleted and
the home filesystem have different limitations for the names or
attributes of the files. For example: ext2/3, minix, msdos and
isofs have different limitations. Moving a file to the trash
and then moving it back may not restore its name or attributes
correctly if they are on different filesystems.
More information about the kde-core-devel