Harden trashdirs
Suggestion to harden the trashdirs.
The trash spec gives a main "home trash" directory, plus separate trashdirs per partition per user. The spec seems to be silent on permissions of these user trashdirs. Default directory mode in most environments is 777, which even with umask gets you world-readable trashdirs. I think there's a risk here of exposing sensitive info. If you trash a sensitive file in a protected private directory where no one else could read it, it suddenly becomes visible to everyone in your unprotected trashdir.
Creating trashdirs with restricted permissions would prevent this, probably 700 for owner RWX.
I have a first pass patch just for discussion. The language might need updating. A couple things I wasn't sure about:
Does XDG target systems with different permission schemes? In that case maybe it should be more general: "and with permissions restricting access to just this user".
Maybe it should verify permissions before using a directory.
https://gitlab.com/dittyroma/xdg-specs/-/compare/master...harden-trashdir?from_project_id=27390697
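What the two open questions above look like in an implementation, as an added example that is not part of this issue or of the linked patch: create the trashdir with mode 0700 (so the umask can only remove bits, never widen them), and before using any existing trashdir verify that it is a real directory, owned by the current user, with no group/other bits set. The `ensure_private_dir`, `verify_private_dir`, `is_private_mode` and `demo` names are this example's own, and it assumes a POSIX system with `os.getuid` and `os.symlink` available.

```python
import os
import shutil
import stat
import tempfile


def is_private_mode(mode: int) -> bool:
    """True if a st_mode value has no group or other permission bits."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def verify_private_dir(path: str) -> str:
    """Refuse to use `path` as a trashdir unless it is a directory owned by
    the current user and accessible only by that user. Returns `path`.

    lstat() is used deliberately: a symlink planted at the trashdir path
    must not be followed to some other directory that happens to be private.
    """
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        raise PermissionError(f"{path} is a symlink, refusing to use it")
    if not stat.S_ISDIR(st.st_mode):
        raise NotADirectoryError(path)
    if st.st_uid != os.getuid():
        raise PermissionError(
            f"{path} is owned by uid {st.st_uid}, not uid {os.getuid()}"
        )
    if not is_private_mode(st.st_mode):
        raise PermissionError(
            f"{path} is readable by group/other: mode {oct(stat.S_IMODE(st.st_mode))}"
        )
    return path


def ensure_private_dir(path: str) -> str:
    """Create `path` with mode 0700 if it does not exist, then verify it.

    The mode is passed to mkdir() explicitly instead of relying on the 0777
    default: the umask can only clear bits, so 0700 stays private under any
    umask, whereas 0777 with a typical 022 umask yields a world-readable 0755.
    An existing directory is never chmod'ed into shape here; a directory with
    the wrong owner or mode is treated as untrustworthy and rejected instead.
    """
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass
    return verify_private_dir(path)


def _rejected(path: str) -> bool:
    """True if verify_private_dir() refuses `path`."""
    try:
        verify_private_dir(path)
    except (PermissionError, NotADirectoryError):
        return True
    return False


def demo() -> dict:
    """Exercise the checks in a scratch directory and report the outcomes."""
    base = tempfile.mkdtemp()  # constructed scratch area, removed at the end
    try:
        results = {}

        trash = ensure_private_dir(os.path.join(base, "Trash"))
        results["private_mode"] = stat.S_IMODE(os.stat(trash).st_mode)

        # A trashdir made with the default mode: 0777 before umask.
        leaky = os.path.join(base, "leaky-Trash")
        os.mkdir(leaky)
        os.chmod(leaky, 0o755)  # pin the typical 022-umask outcome regardless of caller's umask
        results["leaky_rejected"] = _rejected(leaky)

        # A symlink sitting where the trashdir is expected.
        link = os.path.join(base, "link-Trash")
        os.symlink(trash, link)
        results["symlink_rejected"] = _rejected(link)

        return results
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, oct(value) if isinstance(value, int) else value)
```

Running the block prints `private_mode 0o700`, and both the world-readable directory and the symlink are rejected. A real implementation would apply `verify_private_dir` to the per-partition `$topdir/.Trash-$uid` directory on every use, not just at creation, since another user with write access to `$topdir` could have created it first.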