On Mon, Jul 24, 2017 at 5:08 PM, Andrew Morgan <[email protected]> wrote:
> On 07/24/2017 03:11 AM, Marek Marczykowski-Górecki wrote:
>> On Mon, Jul 24, 2017 at 03:01:38AM -0700, Andrew Morgan wrote:
>>> On 07/24/2017 02:57 AM, Marek Marczykowski-Górecki wrote:
>>>> 2. You should check (and at least log non-zero) exit code of qvm-file-trust. Failing to mark untrusted file as untrusted may result in opening it locally and exploiting some bug in local editor, so this case should have some serious error handling (maybe even removing such file?).
>>
>>> Hm, we could quarantine it perhaps? Maybe in some folder TrustQuarantine a file ~/Downloads/folder/file could be moved to TrustQuarantine/home/user/Downloads/folder/file. This way the user knows where the file was originally, without us having to touch the file in any way.
>>
>> I'd be careful about rebuilding directory structure, because it could be quite complex (some VM sending very deep directory like a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/.../some-file).
>> But maybe I'm too paranoid here? ;)
>>
>
> Yeah, not sure what other potential repercussions there might be, but if there already exists a very deep directory structure inside of an untrusted folder, I'd assume that moving that structure to a different folder would not be a big issue, unless the path of the untrusted file was already right up to the max filepath limit already?
>
> Sounds like an edge case, but overall still seems like the easiest/simplest solution, if we do decide to implement a quarantine feature :)
>
> Andrew Morgan
If quarantining is something of interest, one possibility may be to take inspiration from the xdg Trash specification [1]. They purposefully do not keep the original directory structures, but rather just the base filename, and keep a separate index of where the files came from.

[1]: https://standards.freedesktop.org/trash-spec/trashspec-latest.html
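One way to realise the Trash-spec-style layout suggested in this reply, as an added example that is not code from the thread, from qvm-file-trust or from the Qubes project: a file is moved flat into files/ under its base name (so a 30-deep a/a/a/... tree never gets rebuilt) and an info/ entry records the original path, with same-name collisions resolved the way the spec resolves them. The TrustQuarantine layout, the .quarantineinfo format and the demo scenario are this example's own assumptions.

```python
import os
import shutil
import tempfile
import time
from pathlib import Path

INFO_SUFFIX = ".quarantineinfo"  # index-entry suffix is this example's own choice

def reserve(quarantine_dir, base):  # flat name under files/, reserved via its info/ entry
    files_dir, info_dir = quarantine_dir / "files", quarantine_dir / "info"
    files_dir.mkdir(parents=True, exist_ok=True)
    info_dir.mkdir(parents=True, exist_ok=True)
    name, n = base, 1
    while True:
        try:  # O_EXCL makes the reservation atomic, as the Trash spec recommends
            fd = os.open(info_dir / (name + INFO_SUFFIX),
                         os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            return name, fd
        except FileExistsError:  # basename already quarantined: try base.1, base.2, ...
            name, n = f"{base}.{n}", n + 1

def quarantine(path, quarantine_dir):
    """Move `path` to quarantine_dir/files/<flat name>; record its origin in info/."""
    src = Path(os.path.abspath(path))  # abspath, not resolve(): a symlink is quarantined itself
    name, fd = reserve(Path(quarantine_dir), src.name)
    with os.fdopen(fd, "w") as info:  # key=value entry modelled on a .trashinfo file
        info.write(f"[Quarantine Info]\nPath={src}\n"
                   f"QuarantineDate={time.strftime('%Y-%m-%dT%H:%M:%S')}\n")
    dest = Path(quarantine_dir) / "files" / name
    shutil.move(str(src), str(dest))
    return dest

def origins(quarantine_dir):  # read the index back: quarantined name -> original path
    result = {}
    for info in (Path(quarantine_dir) / "info").glob("*" + INFO_SUFFIX):
        fields = dict(line.split("=", 1) for line in info.read_text().splitlines() if "=" in line)
        result[info.name[:-len(INFO_SUFFIX)]] = fields["Path"]
    return result

def demo():
    """Constructed scenario: two files sharing a basename, one of them 30 directories deep."""
    root = Path(tempfile.mkdtemp())
    deep = root.joinpath(*["a"] * 30)
    deep.mkdir(parents=True)
    (deep / "report.pdf").write_text("one")
    (root / "report.pdf").write_text("two")
    q = root / "TrustQuarantine"
    first, second = quarantine(deep / "report.pdf", q), quarantine(root / "report.pdf", q)
    return {"names": [first.name, second.name], "origins": origins(q),
            "contents": [first.read_text(), second.read_text()]}
```

Because the original location lives only in the index entry, the quarantined file's own path stays short regardless of how deep the sending VM's tree was, which sidesteps the path-length worry raised earlier in the thread.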
