github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #5337] bleachbit: cannot securely delete the Trash #2962

New issue

Closed

opened 2026-05-05 09:37:37 -06:00 by gitea-mirror · 5 comments

gitea-mirror commented

2026-05-05 09:37:37 -06:00

Owner

Originally created by @ghost on GitHub (Aug 23, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5337

Problem 1:
Bleachbit is used to permanently delete files by overwriting the memory. So the most popular feature of Bleachbit is emptying the Trash.

But bleachbit.profile includes disable-common.inc which blacklists ${HOME}/.local/share/Trash so it's not possible to empty the trash with Bleachbit.

Problem 2:
Bleachbit has access to $HOME dir. I don't think it makes sense to deny it access to Trash dir but allow it to home dir. It would make more sense to be the other way around.

Describe the solution you'd like

Improvement 1 to bleachbit.profile:

Add this line:

noblacklist ${HOME}/.local/share/Trash

or if you think it should be blacklisted by default even though it's the most popular use case for Bleachbit, then add these comments:

# Uncomment this line to allow emptying trash (or add to bleachbit.local):
# noblacklist ${HOME}/.local/share/Trash

Improvement 2:

blacklist ${HOME}/Desktop
blacklist ${HOME}/Documents
blacklist ${HOME}/Downloads
blacklist ${HOME}/Music
blacklist ${HOME}/Pictures
blacklist ${HOME}/Public
blacklist ${HOME}/Templates
blacklist ${HOME}/Videos

Describe alternatives you've considered

I have made this improvements in bleachbit.local and it works great.

Something that made me confused at first after using Bleachbit to empty Trash, is that the files in ${HOME}/.local/share/Trash were gone as they are supposed to be, but browsing Trash directory through a file manager shows that the files are still there, but it also says the files don't exist if you try to delete them without Bleachbit. I spent some time searching for answers about this, but then I restarted my file manager and then the non-existant files were really gone.

Additional context

Just want to help out with this improvement and contribute. I think it's easier to post this as a feature request instead of making a pull request since it's just a simple profile improvement.

Originally created by @ghost on GitHub (Aug 23, 2022). Original GitHub issue: https://github.com/netblue30/firejail/issues/5337 ### Is your feature request related to a problem? Please describe. Problem 1: Bleachbit is used to permanently delete files by overwriting the memory. So the most popular feature of Bleachbit is emptying the Trash. But bleachbit.profile includes disable-common.inc which blacklists `${HOME}/.local/share/Trash` so it's not possible to empty the trash with Bleachbit. Problem 2: Bleachbit has access to $HOME dir. I don't think it makes sense to deny it access to Trash dir but allow it to home dir. It would make more sense to be the other way around. ### Describe the solution you'd like Improvement 1 to bleachbit.profile: Add this line: ``` noblacklist ${HOME}/.local/share/Trash ``` or if you think it should be blacklisted by default even though it's the most popular use case for Bleachbit, then add these comments: ``` # Uncomment this line to allow emptying trash (or add to bleachbit.local): # noblacklist ${HOME}/.local/share/Trash ``` Improvement 2: ``` blacklist ${HOME}/Desktop blacklist ${HOME}/Documents blacklist ${HOME}/Downloads blacklist ${HOME}/Music blacklist ${HOME}/Pictures blacklist ${HOME}/Public blacklist ${HOME}/Templates blacklist ${HOME}/Videos ``` ### Describe alternatives you've considered I have made this improvements in bleachbit.local and it works great. Something that made me confused at first after using Bleachbit to empty Trash, is that the files in `${HOME}/.local/share/Trash` were gone as they are supposed to be, but browsing Trash directory through a file manager shows that the files are still there, but it also says the files don't exist if you try to delete them without Bleachbit. I spent some time searching for answers about this, but then I restarted my file manager and then the non-existant files were really gone. ### Additional context Just want to help out with this improvement and contribute. I think it's easier to post this as a feature request instead of making a pull request since it's just a simple profile improvement.

gitea-mirror

2026-05-05 09:37:37 -06:00

closed this issue
added the
bug
label

gitea-mirror commented

2026-05-05 09:37:40 -06:00

Author

Owner

@kmk3 commented on GitHub (Aug 25, 2022):

@ydididodat commented on Aug 23:

Is your feature request related to a problem? Please describe.

Problem 1: Bleachbit is used to permanently delete files by overwriting the
memory. So the most popular feature of Bleachbit is emptying the Trash.

But bleachbit.profile includes disable-common.inc which blacklists
${HOME}/.local/share/Trash so it's not possible to empty the trash with
Bleachbit.

Problem 2: Bleachbit has access to $HOME dir. I don't think it makes sense to
deny it access to Trash dir but allow it to home dir. It would make more
sense to be the other way around.

Describe the solution you'd like

Improvement 1 to bleachbit.profile:

Add this line:
noblacklist ${HOME}/.local/share/Trash

We could add these commands to the profile:

noblacklist ${HOME}/.local/share/Trash
include disable-xdg.inc

Besides that, do you know all the paths that the program generally needs to
access in the home directory? Such as configuration and cache files.

The security of the profile could be much improved by using whitelisting
commands to only allow access to specific paths. Blacklisting commands can
currently only block access to paths that already exist. That is, the program
is free to create ${HOME}/.foorc if it does not already exist, even if
blacklist ${HOME}/.foorc is used.

Describe alternatives you've considered

I have made this improvements in bleachbit.local and it works great.

Something that made me confused at first after using Bleachbit to empty
Trash, is that the files in ${HOME}/.local/share/Trash were gone as they are
supposed to be, but browsing Trash directory through a file manager shows
that the files are still there, but it also says the files don't exist if you
try to delete them without Bleachbit. I spent some time searching for answers
about this, but then I restarted my file manager and then the non-existant
files were really gone.

That indeed sounds strange.

Did this happen with or without noblacklist ${HOME}/.local/share/Trash?

What version of firejail and OS did you use?

Additional context

Just want to help out with this improvement and contribute.

That's great to hear; thanks for the report.

I think it's easier to post this as a feature request instead of making a
pull request since it's just a simple profile improvement.

I get what you mean and having a dedicated issue is usually good for extended
discussion, but feel free to also open a pull request if you want. I think
that generally pull requests are welcome, especially when the changes are
straightforward and the commits are self-explanatory (for example, see
https://chris.beams.io/posts/git-commit/).

@kmk3 commented on GitHub (Aug 25, 2022): @ydididodat commented [on Aug 23](https://github.com/netblue30/firejail/issues/5337#issue-1348218365): > ### Is your feature request related to a problem? Please describe. > > Problem 1: Bleachbit is used to permanently delete files by overwriting the > memory. So the most popular feature of Bleachbit is emptying the Trash. > > But bleachbit.profile includes disable-common.inc which blacklists > `${HOME}/.local/share/Trash` so it's not possible to empty the trash with > Bleachbit. > > Problem 2: Bleachbit has access to $HOME dir. I don't think it makes sense to > deny it access to Trash dir but allow it to home dir. It would make more > sense to be the other way around. > > ### Describe the solution you'd like > > Improvement 1 to bleachbit.profile: > > Add this line: > > ``` > noblacklist ${HOME}/.local/share/Trash > ``` We could add these commands to the profile: ```firejail noblacklist ${HOME}/.local/share/Trash include disable-xdg.inc ``` Besides that, do you know all the paths that the program generally needs to access in the home directory? Such as configuration and cache files. The security of the profile could be much improved by using whitelisting commands to only allow access to specific paths. Blacklisting commands can currently only block access to paths that already exist. That is, the program is free to create `${HOME}/.foorc` if it does not already exist, even if `blacklist ${HOME}/.foorc` is used. > ### Describe alternatives you've considered > > I have made this improvements in bleachbit.local and it works great. > > Something that made me confused at first after using Bleachbit to empty > Trash, is that the files in ${HOME}/.local/share/Trash were gone as they are > supposed to be, but browsing Trash directory through a file manager shows > that the files are still there, but it also says the files don't exist if you > try to delete them without Bleachbit. I spent some time searching for answers > about this, but then I restarted my file manager and then the non-existant > files were really gone. That indeed sounds strange. Did this happen with or without `noblacklist ${HOME}/.local/share/Trash`? What version of firejail and OS did you use? > ### Additional context > > Just want to help out with this improvement and contribute. That's great to hear; thanks for the report. > I think it's easier to post this as a feature request instead of making a > pull request since it's just a simple profile improvement. I get what you mean and having a dedicated issue is usually good for extended discussion, but feel free to also open a pull request if you want. I think that generally pull requests are welcome, especially when the changes are straightforward and the commits are self-explanatory (for example, see <https://chris.beams.io/posts/git-commit/>).

gitea-mirror commented

2026-05-05 09:37:41 -06:00

Author

Owner

@ghost commented on GitHub (Aug 27, 2022):

We could add these commands to the profile:
noblacklist ${HOME}/.local/share/Trash
include disable-xdg.inc
Besides that, do you know all the paths that the program generally needs to access in the home directory? Such as configuration and cache files.

The security of the profile could be much improved by using whitelisting commands to only allow access to specific paths. Blacklisting commands can currently only block access to paths that already exist. That is, the program is free to create ${HOME}/.foorc if it does not already exist, even if blacklist ${HOME}/.foorc is used.

sorry, don't know. I think it can be found out by monitoring the app without restrictions while testing the features you want. But I'm still a n00b and have lots to learn and too little time.

That indeed sounds strange.

Did this happen with or without noblacklist ${HOME}/.local/share/Trash?

What version of firejail and OS did you use?

Happened with noblacklist, if you don't have the noblacklist then it won't delete anything at all.

But I think it's normal behavior because I noticed later that if I delete (aka move to trash) things on other disks than the one my OS is on, and then I actually delete them in ${HOME}/.local/share/Trash then I look in the hidden Trash dir on the other disk which the files were in before I moved them to trash, and the files are still there even though they're deleted. If I try to delete them again it says they don't exist. So then I restart the file manager and the files are gone. So it seems like normal behavior.

That's great to hear; thanks for the report.

I think it's easier to post this as a feature request instead of making a
pull request since it's just a simple profile improvement.

I get what you mean and having a dedicated issue is usually good for extended discussion, but feel free to also open a pull request if you want. I think that generally pull requests are welcome, especially when the changes are straightforward and the commits are self-explanatory (for example, see https://chris.beams.io/posts/git-commit/).

I'm still new and learning and trying to setup my computers the way I like. So I'm just not ready to start doing pull requests yet. Currently I browse github in Whonix. I guess it should be fine to install git on it. I guess maybe I would use file sharing to move the project from the Whonix VM to my host and do the work (changes) there, then file share it back to Whonix VM and use git to make a pull request. Or maybe there are better/easier ways to use git with TOR.

Have to be careful when using Github because if you are working on a project which is currently legal, but in the future it becomes illegal, then you can be banned from Github and go to prison for it. That's what happened to the dev of Tornado Cash. Crazy!

@ghost commented on GitHub (Aug 27, 2022): > We could add these commands to the profile: > > ``` > noblacklist ${HOME}/.local/share/Trash > include disable-xdg.inc > ``` > > Besides that, do you know all the paths that the program generally needs to access in the home directory? Such as configuration and cache files. > > The security of the profile could be much improved by using whitelisting commands to only allow access to specific paths. Blacklisting commands can currently only block access to paths that already exist. That is, the program is free to create `${HOME}/.foorc` if it does not already exist, even if `blacklist ${HOME}/.foorc` is used. sorry, don't know. I think it can be found out by monitoring the app without restrictions while testing the features you want. But I'm still a n00b and have lots to learn and too little time. > That indeed sounds strange. > > Did this happen with or without `noblacklist ${HOME}/.local/share/Trash`? > > What version of firejail and OS did you use? > Happened with noblacklist, if you don't have the noblacklist then it won't delete anything at all. But I think it's normal behavior because I noticed later that if I delete (aka move to trash) things on other disks than the one my OS is on, and then I actually delete them in ${HOME}/.local/share/Trash then I look in the hidden Trash dir on the other disk which the files were in before I moved them to trash, and the files are still there even though they're deleted. If I try to delete them again it says they don't exist. So then I restart the file manager and the files are gone. So it seems like normal behavior. > That's great to hear; thanks for the report. > > > I think it's easier to post this as a feature request instead of making a > > pull request since it's just a simple profile improvement. > > I get what you mean and having a dedicated issue is usually good for extended discussion, but feel free to also open a pull request if you want. I think that generally pull requests are welcome, especially when the changes are straightforward and the commits are self-explanatory (for example, see https://chris.beams.io/posts/git-commit/). I'm still new and learning and trying to setup my computers the way I like. So I'm just not ready to start doing pull requests yet. Currently I browse github in Whonix. I guess it should be fine to install git on it. I guess maybe I would use file sharing to move the project from the Whonix VM to my host and do the work (changes) there, then file share it back to Whonix VM and use git to make a pull request. Or maybe there are better/easier ways to use git with TOR. Have to be careful when using Github because if you are working on a project which is currently legal, but in the future it becomes illegal, then you can be banned from Github and go to prison for it. That's what happened to the dev of Tornado Cash. Crazy!

gitea-mirror commented

2026-05-05 09:37:42 -06:00

Author

Owner

@rusty-snake commented on GitHub (Aug 28, 2022):

Improvement 1: Open a PR.
Improvement 2: No. Localization, ...

Whitdlisting: Will be a lot work (maybe the source code of blechbit contains a list) but if somebody wants to do this go for it.
While I'm not sure if we should make it the default we would at least include it as an opt-in commend.

[github usage]

For single file edits the github editor works good.

@rusty-snake commented on GitHub (Aug 28, 2022): Improvement 1: Open a PR. Improvement 2: No. Localization, ... Whitdlisting: Will be a lot work (maybe the source code of blechbit contains a list) but if somebody wants to do this go for it. While I'm not sure if we should make it the default we would at least include it as an opt-in commend. > [github usage] For single file edits the github editor works good.

gitea-mirror commented

2026-05-05 09:37:43 -06:00

Author

Owner

@kmk3 commented on GitHub (Jul 16, 2023):

Bleachbit is used to permanently delete files by overwriting the memory. So
the most popular feature of Bleachbit is emptying the Trash.

Improvement 2:

blacklist ${HOME}/Desktop
blacklist ${HOME}/Documents
blacklist ${HOME}/Downloads
blacklist ${HOME}/Music
blacklist ${HOME}/Pictures
blacklist ${HOME}/Public
blacklist ${HOME}/Templates
blacklist ${HOME}/Videos

This overwriting feature could also be useful to use in these other
directories, so blacklisting them (and/or using whitelisting in ${HOME})
might get in the way of that.

That is, since it works kind of like a file manager, blocking access to common
directories by default might be counter-productive, especially if files are
deleted directly instead of using the Trash directory (which is more likely to
be the case when using a WM instead of a DE).

@rusty-snake Thoughts?

@kmk3 commented on GitHub (Jul 16, 2023): > Bleachbit is used to permanently delete files by overwriting the memory. So > the most popular feature of Bleachbit is emptying the Trash. > Improvement 2: > > ``` > blacklist ${HOME}/Desktop > blacklist ${HOME}/Documents > blacklist ${HOME}/Downloads > blacklist ${HOME}/Music > blacklist ${HOME}/Pictures > blacklist ${HOME}/Public > blacklist ${HOME}/Templates > blacklist ${HOME}/Videos > ``` This overwriting feature could also be useful to use in these other directories, so blacklisting them (and/or using whitelisting in `${HOME}`) might get in the way of that. That is, since it works kind of like a file manager, blocking access to common directories by default might be counter-productive, especially if files are deleted directly instead of using the Trash directory (which is more likely to be the case when using a WM instead of a DE). @rusty-snake Thoughts?

gitea-mirror commented

2026-05-05 09:37:44 -06:00

Author

Owner

@kmk3 commented on GitHub (Aug 23, 2024):

Improvement 1 to bleachbit.profile:

Add this line:
noblacklist ${HOME}/.local/share/Trash

Added on commit 154ffadef ("bleachbit.profile: allow erasing Trash contents",
2023-07-15) / PR #5902.

Improvement 2:

blacklist ${HOME}/Desktop
blacklist ${HOME}/Documents
blacklist ${HOME}/Downloads
blacklist ${HOME}/Music
blacklist ${HOME}/Pictures
blacklist ${HOME}/Public
blacklist ${HOME}/Templates
blacklist ${HOME}/Videos

It needs access to these directories in order to overwrite the files in them as
well; wontfix.

Closing as resolved.

@kmk3 commented on GitHub (Aug 23, 2024): > Improvement 1 to bleachbit.profile: > > Add this line: > > ``` > noblacklist ${HOME}/.local/share/Trash > ``` Added on commit 154ffadef ("bleachbit.profile: allow erasing Trash contents", 2023-07-15) / PR #5902. > Improvement 2: > > ``` > blacklist ${HOME}/Desktop > blacklist ${HOME}/Documents > blacklist ${HOME}/Downloads > blacklist ${HOME}/Music > blacklist ${HOME}/Pictures > blacklist ${HOME}/Public > blacklist ${HOME}/Templates > blacklist ${HOME}/Videos > ``` It needs access to these directories in order to overwrite the files in them as well; wontfix. Closing as resolved.

gitea-mirror referenced this issue

2026-05-05 10:23:06 -06:00

[PR #2962] [MERGED] "Net None" Option Breaks Functionality #4598

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2962

No description provided.

Rows
Columns