Re: Lockdown stuff

From: Alexander Larsson <alexl redhat com>
To: Ian Peters <itp ximian com>
Cc: Matt Keenan <Matt Keenan sun com>, "desktop-devel-list gnome org" <desktop-devel-list gnome org>
Subject: Re: Lockdown stuff
Date: 09 Oct 2003 12:32:30 +0200

On Wed, 2003-10-08 at 18:11, Ian Peters wrote:
> We (Ximian, Novell, whatever) are also definitely interested in getting
> lockdown infrastructure in place as soon as possible also, and for the
> time being, at least, I'm the point man here for us.  Brief intro out of
> the way...

Cool.

> > Some of the keys you proposed can be configured in such a way that they
> > make zero sense (allow cut+paste, but not copy?), and some things are
> > better locked down in other ways (such as filesystem permissions). Many
> > of the keys are such that any working/useful configuration of them make
> > nautilus pretty much useless, and a better way to do the lockdown would
> > probably be to disable nautilus. 
> 
> Filesystem permissions would definitely have to play a role in any
> seriously hardened configuration, but I don't think that just because
> things -can- be handled with the filesystem necessarily implies that we
> shouldn't provide potentially overlapping functionality, perhaps less
> secure by design, using lockdown keys and GConf.

Of course. Its much nicer if the system has limited features visible
than if it looks like normal, but every other operation fails due to
permission problems. I was just pointing out that we shouldn't forget
the other ways to lock down stuff that are availible.

> > I think a better approach to the lockdown problem is to sit down and
> > talk to people who want to use lockdown and see what they really want to
> > accomplish, then sit down and figure out a few higher-level lockdown
> > operations that we implement throughout the desktop and that allows all
> > the interesting policies to be implemented. This will allow mortal
> > sysadmins to figure out how to set this up, and it will probably make
> > the lockdown mode work better since the people who know the software
> > best (the developers) will pick the feature details for a particular
> > lockdown policy. It will also make the lockdown keys work across
> > upgrades in a way that lowlevel 'disable-this-menu-item' keys won't. We
> > probably won't be able to make a few high level policy settings do
> > everything, so we might need to add a few lowlevel keys for those
> > special-case situations where we can't get a sane highlevel policy that
> > works for everyone.
> 
> I would strengthen your first claim and argue that it's not just a
> better approach, as much as an absolute requirement, to sit down and
> figure out what actual consumers of lockdown want to use it for before
> we go anywhere productively on this.

I tend to not use strong words like "must", since i'm not gonna do most
of the work, but basically, yeah.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl redhat com    alla lysator liu se 
He's an obese Jewish photographer fleeing from a secret government programme. 
She's a provocative Bolivian fairy princess from a secret island of warrior 
women. They fight crime!

References:
- Re: Lockdown stuff
  - From: Matt Keenan
- Re: Lockdown stuff
  - From: Alexander Larsson
- Re: Lockdown stuff
  - From: Ian Peters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]