Should hidden files and directories be treated differently by the home plug
Neil McPhail
neil at themcphails.uk
Fri Jul 1 11:02:54 UTC 2016
Dear all,
I'm trying to snappify my fork of the silversearcher-ag package. This is
an application which works like a recursive "grep", but much faster, and
with awareness of git/mercurial repository formats and ignore files. It
has to parse ".gitignore" files, for example, to know what to search and
what not to search. I have attached an early draft of my snapcraft.yaml
file.
This doesn't seem possible with the current set of snapd interfaces. The
"home" plug excludes access to any "dot"/hidden files or directories. This
appears to be an attempt to prevent access to things like GPG and SSH
keys, which is admirable. Unfortunately, it has the side effect of
blocking legitimate access to the vast majority of innocent hidden files.
I think it is wrong to conflate "hidden" files with "sensitive or secure"
files in this way. The dot-prefix was never intended to add security;
merely to hide ugly files and directories. My $HOME has not been arranged
with the expectation that my dotfiles contain my sensitive information and
my plainfiles are public. Access to my sensitive files is controlled by
standard permissions. Indeed, SSH will baulk if my keyfile is
world-readable. On the other hand, if Boris Johnson managed to get me to
install his malicious .snap which would search out and destroy
"boris_with_strawberry_jam_and_poodle.jpg" from my $HOME/Pictures
directory (which is accessible via the "home" plug even although it it
chmodded 600) he would be back in the Tory leadership race in minutes.
Perhaps a better way would be to run "home" plugged apps as a different
user, who has been added to the real user's primary group? Thus 600-modded
files would remain inaccessible but innocent dotfiles could be manipulated
via group permissions.
What do you all think?
NMP
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snapcraft.yaml
Type: application/x-yaml
Size: 423 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20160701/1230f4b5/attachment.bin>
More information about the Snapcraft
mailing list