• Michal@programming.dev
    link
    fedilink
    arrow-up
    21
    ·
    8 months ago

    Aren’t widgets pieces of software? Of course they have to run code. But they need to be isolated, or at the very least not have sudo access.

    • baseless_discourse@mander.xyz
      link
      fedilink
      arrow-up
      1
      ·
      8 months ago

      I think the theme mentioned probably don’t have sudo access, just user access can do enough harm already.

      I think rm command should refuse to remove overly-broad target (home, xdg dirs, media drives) without confirmation in the command line.

      • ReversalHatchery@beehaw.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        8 months ago

        Ok, then a bad actor could enumerate all the subdirs and delete them one by one.

        Even if going down this path would be a good solution, I don’t think this is rm’s job to do. This should be done by an antivirus a security suite. I think I have read that for the past few years the kernel now has a better API than inotify to get notified by file operations. I don’t remember it’s name, but I think it was even mentioned in the docs that security software is a use case of it

        • baseless_discourse@mander.xyz
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          8 months ago

          This is not a defense against bad actor, but defense against bugs in bash script, which is quite common. Another idea is to introduce a new trash command xdg-trash to replacerm. But both of these cannot stop malicious actors removing your file.

          I think even if we have a security suite, it is unlikely to detect bad actor recursively enumerating the file and delete them one by one, until many files were irrversably lost.

          Antivirus has never been a proper way to achieve security, I think the proper way to defend against offensive rm is probably sandboxing.