On Wed, 2010-10-06 at 21:01 +0100, Bastien Nocera wrote: > Symbolic links? To both the filesystem itself, and to directories under > ~/.gvfs/. Are those blocked as expected?
Looks like we have different expectations ;) Nope, we don't try to resolve symlinks to see if they point to allowed hierarchies. This is not hard security; it's about simple lockdown, or about letting people implement a "pick a file in the USB stick" kind of thing. It would be interesting to desensitize symlinks to places outside the roots. I don't have enough brain cycles left today to implement this, but patches welcome, etc. I'm not sure it's worth the effort to resolve stuff inside .gvfs - if you created a mount and if your $HOME is allowed, then I see no reason to block the mount. (If your ~ is not allowed, then *probably* your lockdown scheme is highly weird anyway.) (Since the file chooser now basically has all the "is this file allowed" machinery internally, it would be interesting to hook it up to a real security system with really enforceable policies. I hereby declare the can of worms opened.) Federico _______________________________________________ gtk-devel-list mailing list gtk-devel-list@gnome.org http://mail.gnome.org/mailman/listinfo/gtk-devel-list