-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Mon, Jul 24, 2017 at 03:01:38AM -0700, Andrew Morgan wrote: > On 07/24/2017 02:57 AM, Marek Marczykowski-Górecki wrote: > > 2. You should check (and at least log non-zero) exit code of > > qvm-file-trust. Failing to mark untrusted file as untrusted may result > > in opening it locally and exploiting some bug in local editor, so this > > case should have some serious error handling (maybe even removing such > > file?). > > Hm, we could quarantine it perhaps? Maybe in some folder TrustQuarantine > a file ~/Downloads/folder/file could be moved to > TrustQuarantine/home/user/Downloads/folder/file. This way the user knows > where the file was originally, without us having to touch the file in > any way.
I'd be careful about rebuilding directory structure, because it could be quite complex (some VM sending very deep directory like a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/.../some-file). But maybe I'm too paranoid here? ;) - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJZdcfMAAoJENuP0xzK19cs73sH/RI3wU+YLpNpddzpIoO6/rQu ZrUeIxv+0g3xoX63QnszBkYap84UbKXq1Q6ArJFrQAwPeDxh+Mo0UpWsP7aFCagi UD4RMJFFGH3b20AVgvBv6dK0QXw4BlSbXDkRl81sHZzg2Nu7wC86q/692e1Tc/4s DqZtzdS10WOYWmbOn+coLJ013VuS0zOdSrAx96pffLFRkNne19EEaI/bh/sElt1X uKcsvFSQn5FSNtRRW7It9/vonHZVeQ2WcO8FfkSSS8qUItavYV8UHHpeDigITfMi 1qM2wmhQuUc8tSa0LFHU7pTtb9HEbt+84Ffd0JwZhIhrlUSghRVULFtZabzpFXM= =DhSr -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170724101123.GU1095%40mail-itl. For more options, visit https://groups.google.com/d/optout.
