MTP Blacklist could use some updates

Bug Reports
1

REPRODUCIBILITY: n/a
OS VERSION: 5.0.0.62 (Tampella)
HARDWARE: Jolla C2
UI LANGUAGE:en_GB
REGRESSION: no

DESCRIPTION:

The configuration shipped in package mtp-vendor-configuration-sailfish apparently keeps some filesystem locations invisible from transfers to attached PCs via USB/MTP.

Mainly this is done through the config file /usr/share/mtp/blacklist-home.conf which is read by daemons installed through buteo-mtp-qt5.

PRECONDITIONS:

Currently the mentioned file contains:

.activesync
.bash_history
.bash_logout
.bash_profile
.bashrc
.cache
.config
.gconf
.gstreamer-0.10
.jolla-startupwizard-done
.jolla-startupwizard-sfos2-tutorial
.jolla-startupwizard-usersession-done
.local
.mozilla
.profiled
.qmf
.sailfish-accounts-tool
.sh_history
.ssh
.thumbnails
.timed
.vault
Videos/Camera/.recording
android_storage/DCIM/.thumbnails

STEPS TO REPRODUCE:

n/a

EXPECTED RESULT:

Locations such as these could be added for additional security/privacy:

# like bash_ or sh_, for busybox ash, and zsh
.ash_history
.zhistory
# maybe, as bashrc is also there:
.screenrc
.zshrc
# this, or the whole of .gnupg/ as it may contain pipe or socket files
.gnupg/private-keys-v1.d/ 
 # may contain plaintext passwords
.netrc
# may contain sensitive stuff in e.g. SELECT statements
.sqlite_history
# nss custom certificates
.pki
# others
.viminfo
# some more Android locations
android_storage/Movies/.thumbnails
android_storage/Music/.thumbnails
android_storage/Pictures/.thumbnails

ACTUAL RESULT:

Some of the shipped locations may be removed too, not sure.

MODIFICATIONS:

Many, but none pertaining to the files, programs and configurations in question. Some “modifications” may actually have created some of the files mentioned above, I still think they should be excluded

ADDITIONAL INFORMATION:

The comment in the file /etc/fsstorage.d/main-storage-conf.xml describes that /usr/share/mtp/blacklist-home.conf is for paths under %h which “gets replaced with home directory”.
Depending on how “home directory” is determined, (it is /home + username? is it getent passwd? something else?), it may make sense to also add filepaths relative to /home/appsupport-root/ as that is mounted there.
The same goes for the hidden paths under /home, such i.e. .system, .appsupport.

But I don’t know whether mtp_service can actually see these locations.

3 Likes
2

Not sure how much real benefit here. It’s your device and you’re giving a permission to use MTP when connecting to a computer. It can be even expected to have access to this content.

Seems originally the blacklist was added to prevent some bad behavior (e.g. thumbnailing thumbnails recursively). Also there’s some point in disallowing the user to modify files which have effect on the system, e.g. different marker files or configuration that affects device start up.

The new content mentioned here is not much included in the default installation nor should have that big impact if touched.

2 Likes
3

Thanks for looking.

I seems I misunderstood the purpose of the file, assuming it had to do with privacy/security. Apparently not. And re-reading the original list after this new information, it makes sense to stay as-is.