Closed ghost closed 3 years ago
specifications.freedesktop.org/trash-spec/trashspec-latest.html
Can you open an issue about this on the issue tracker for the spec? It would be good to get this info eventually included in the spec.
Good idea! Opened one here:
https://gitlab.freedesktop.org/xdg/xdg-specs/-/issues/78
With a patch for discussion here:
https://gitlab.com/dittyroma/xdg-specs/-/compare/master...harden-trashdir?from_project_id=27390697
Create trashdirs with limited permissions to prevent information leaks.
The XDG trash spec is here: https://specifications.freedesktop.org/trash-spec/trashspec-latest.html
It gives a main "home trash" directory, plus separate trashdirs per partition per user. The spec seems to be silent on permissions of these user trashdirs. Current behavior uses the default mode, which even with umask gets you world readable trashdirs. I think there's a risk here of exposing sensitive info. If you trash a sensitive file in a protected private directory where no one else could read it, it suddenly becomes visible to everyone in your unprotected trashdir.
This patch updates to create trashdirs with mode
0o700
, owner RWX. That prevents other users from reading your trash.Current behavior gets world readable trashdirs:
The update protects trashdirs to owner readable only:
I've tested this locally but I'm not sure a good way to get it into the test suite. You'd have to create a temporary partition without a trashdir to guarantee you get a creation. Or maybe intercept the partition listing module to inject a fake one. If you think it's important I can pursue this.