On Tue, 18 Jan 2022, at 16:35, The Wanderer wrote: > So this could potentially be dangerous if the user chooses a directory > location that's high enough in the directory tree to have important > files already underneath it, but not if the user chooses e.g. a > dedicated Downloads directory.
I'd expect malware using this mechanism to put forward a "plausible" reason why a naive user should select an unsafe directory, rather than a downloads one. >> I think I also read that once the code has a handle to a directory it >> can scan sub-directories as well. > > Yes, that appears to be correct. And that opens up the scourge of malware that correctly identifies what software one has installed, and/or aspects of its configuration, just based on what files/folders exist. -- Jeremy Nicoll - my opinions are my own.
