Hi Rodrigo,

On Mon, 5 Aug 2024 15:06:04 +0200 Rodrigo Arias <[email protected]> wrote:
> >> I think we could just not allow $HOME to be set as save_dir (or any
> >> directory that contains $HOME, like /home) and refuse to start if
> >> this is the case.

Sorry, I guess this is the part that confused me:

"(or any directory that contains $HOME, like /home)"

I agree with it, just not sure how to implement while still allowing a
save_dir like '$HOME/Downloads', or '/home/user/Downloads'. Maybe it's
a simple thing, but any help would be appreciated!

> >Not sure I understand what this achieves. So '/home/user' would be
> >blocked, but '/home/user/foo' would be allowed? Why not just
> >explicitly block access to ~/.ssh with unveil, and then let the user
> >do whatever they want after that?
>
> Yeah, but there may be a lot of other unknown directories we don't
> want Dillo to access (~/.config, ~/.cache, ...). So I think it is a
> good approach to block all directories in home, except the downloads
> one.
>
> Another attack may involve encrypting ~/Pictures and asking for a
> ransom, so we should prevent any access to home that is not required.

I think it's unlikely that a user would explicitly choose $HOME as
save_dir, but agree that it would be reasonable to take the precaution
just in case.

Thanks,
Alex
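One way to implement the check discussed in this message, as an added example that is not Dillo's code and not from either poster: reject a save_dir that is $HOME or an ancestor of it, while still accepting a subdirectory such as '$HOME/Downloads'. The function names `path_contains` and `save_dir_exposes_home` are hypothetical, and the sketch assumes a POSIX system with `realpath()`.

```c
#define _XOPEN_SOURCE 700   /* for realpath() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: 1 if canonical absolute path `dir` is `path` itself
 * or one of its ancestors, else 0. Compares whole components, so "/home/us"
 * is not treated as containing "/home/user". */
int path_contains(const char *dir, const char *path)
{
    size_t n = strlen(dir);
    while (n > 1 && dir[n - 1] == '/')
        n--;                                 /* ignore trailing slashes */
    if (strncmp(dir, path, n) != 0)
        return 0;
    if (n == 1)
        return 1;                            /* "/" contains every path */
    return path[n] == '\0' || path[n] == '/';
}

/* Hypothetical startup check: 1 = save_dir is $HOME or contains it (refuse),
 * 0 = acceptable, -1 = a path could not be resolved (also refuse).
 * realpath() resolves symlinks and "..", so "$HOME/Downloads/.." or a
 * symlink pointing at /home is judged by where it really leads. */
int save_dir_exposes_home(const char *save_dir, const char *home)
{
    char *d = realpath(save_dir, NULL);
    char *h = realpath(home, NULL);
    int rc = (d && h) ? path_contains(d, h) : -1;
    free(d);
    free(h);
    return rc;
}

int main(int argc, char **argv)
{
    const char *home = getenv("HOME");
    if (argc < 2 || !home) {
        fprintf(stderr, "usage: HOME=... %s <save_dir>\n", argv[0]);
        return 2;
    }
    int rc = save_dir_exposes_home(argv[1], home);
    printf("%s: %s\n", argv[1], rc == 0 ? "allowed" : "refused");
    return rc == 0 ? 0 : 1;
}
```

Because `realpath()` fails on paths that do not exist, a save_dir that has not been created yet is refused here; creating it before the check is one way around that.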
