edgy on x64: Request for extension of the /.hidden file

Brandon Holtsclaw imbrandon at kubuntu.org
Wed Oct 4 09:21:23 BST 2006


Was and is currently disscussed on
https://wiki.ubuntu.com/KubuntuKDEMedia
and in the IRC logs for #kubuntu-devel

two things to note though, it dosent hide anything in the /home dir as
you sugest ( and thats achieved anyhow via "dot" files currectly ) AND
it only hides the from the kde file dialogs &/or konqi gui file browser
( but again this is all explain'd in the wiki ) 

> > isn't the hidden file a security risk for Edgy users? if a local
> > attacker finds a way to change it, wouldn't s/he be able to put anything
> > s/he wants to the user's home folder, without the user knowing about the
> > file. wouldn't this make the .hidden file a specific target of attackers?
> 
> Attacker doesn't need hidden dirs or files to hide something (it allways
> has /tmp and /var/tmp, tmpfs, etc...). Hidden file isn't a security risk
> cause if attacker is able to create files in user's dir, then security
> is allready circumvented. So, hidden file is not a cause, but a
> consenquence.
exactly +1


>(and if you say that it is present in Dapper, which I
>use, I will be all red and ashamed :) 

sure its been built into gnome for a long time ( including in dapper ),
we are just taking advantage of it in edgy for KDE so its new to some
users, to expirment with this in dapper just make a file named .hidden
in your / with one line "usr" ( no quotes ) then open natulis and note
no more /usr is shown in the GUI ( unless "show hidden files" is
choosen , as with the same in kde )

Feel free to give input on the wiki or on irc , its more than welcomed ,
but in short as you asked "yes, it was thought about and discussed"

-- 
Brandon Holtsclaw
imbrandon at kubuntu.org
http://www.imbrandon.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20061004/80027687/attachment.pgp 


More information about the ubuntu-devel mailing list