Files moved to "Exclude"ed folders still exist in Dash
Bug #1477787 reported by
TenLeftFingers
This bug affects 4 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Unity |
Confirmed
|
Low
|
Unassigned | ||
| unity (Ubuntu) |
Confirmed
|
Low
|
Unassigned | ||
Bug Description
Go to System Settings -> Security & Privacy -> Files & Applications
Add the Public directory to the Exclude list.
Now choose a document that shows up in the dash.
Move that document to the Public directory.
Open the dash.
Expected:
File is no longer visible or searchable in the dash
Actual:
File is visible in dash.
"Show in Folder" opens the Public directory, revealing the file.
Marking this as a security issue as it's part of the Security & Privacy settings.
Revision history for this message
| Tyler Hicks (tyhicks) wrote | #1 |
| Changed in unity-control-center (Ubuntu): | |
| status: | New → Confirmed |
| importance: | Undecided → Low |
| information type: | Private Security → Public Security |
| affects: | unity-control-center (Ubuntu) → unity (Ubuntu) |
| Changed in unity: | |
| importance: | Undecided → Low |
| status: | New → Confirmed |
Revision history for this message
| Seth Johnson (sethj) wrote | #2 |
| tags: | added: desktop-bugscrub-triaged |
Revision history for this message
| Douglas (douglaslawrence) wrote | #3 |
Revision history for this message
| Rodrigo Lledó (rodhos-hp) wrote | #4 |
Revision history for this message
| karthikkn (karthikkn) wrote | #5 |
To post a comment you must log in.
I can confirm this on Wily. If you click "clear the usage data" from the Security & Privacy, then the document no longer shows up in the dash but it seems like adding an excluded directory does not cause the cache to be invalidated.
I don't see how this could allow attackers to cross privilege boundaries or directly cause loss of data/privacy so I'm going to go ahead and make this public so that more developers can have access to the report.