← Back to context

Comment by mschuster91

7 hours ago

> System and root directories cannot be selected.

That desperately needs something like the Public Suffix List [1] - a community-managed list where authors of software can blacklist directories containing sensitive files or such files directly for all browsers implementing this feature.

If I were to design such a list, it would include ~/.ssh, ~/.aws, ~/.config, ~/Library, ~/.{ba,z}sh{rc,_profile,_history}, ~/.m2, ~/.npm, ~/.npmrc, ~/.profile at the very least. Because users will get phished.

[1] https://en.wikipedia.org/wiki/Public_Suffix_List

3 comments

mschuster91

Reply
inigyou  7 hours ago

This is still a security nightmare! You won't get every folder, or even enough folders.

codedokode  4 hours ago

Black listing is never secure. White listing is. Sadly some really smart person decided it was a good idea to store pictures and SSH keys within the same directory tree.

  • yjftsjthsd-h  33 minutes ago

    > Sadly some really smart person decided it was a good idea to store pictures and SSH keys within the same directory tree.

    ~/Pictures and ~/.ssh are as far apart as they can be while staying in the user's home directory. I guess you could stick stuff in... /var or something, but that seems worse overall.