fs-mistrust: Adopt a more exact set of rules about parent directories.
Right now, our code for checking directories and their contents does not, except in a narrow set of cases1, always take into account the property that an unreadable directory can transitively make its contents inaccessible2.
This means that we don't accept, for example, the situation where the user's state is in "~/.local/share/arti/state", and state
is world-readable, but arti
is 0700.
Arguably we should extend the code to handle this case more carefully.