Re: lock down features

From: Havoc Pennington <hp redhat com>
To: Jonathan Blandford <jrb redhat com>
Cc: desktop-devel-list gnome org
Subject: Re: lock down features
Date: Thu, 14 Nov 2002 03:06:32 -0500

On Thu, Nov 14, 2002 at 12:52:49AM -0500, Jonathan Blandford wrote:
> > So e.g. if can_run_commands is FALSE, you can't open the Run Command
> > dialog or do other things that allow you to start up a command.  Apps
> > would optionally be able to honor this setting. This isn't related to
> > a preference.
> 
> This will be really tricky to audit...

I don't think we can make promises of genuine security against a
determined hacker, really.  Audit every app for buffer overflows in
the face of arbitrary X events?  Ouch.

But we can probably remove every obvious way to run a command,
assuming you use only apps we ship (hide Emacs for example).

>  * Provide gconf backend that can scale beyond individual users (ie:
>  groups)

You can already do this by just sharing some XML files, though it
could be more convenient.

>  * 'Reset to default' feature for keys.

Note that "reset to default" for gconf is just "unset" - you unset the
key, you get the default value instead of your own.

Havoc

References:
- lock down features
  - From: Havoc Pennington
- Re: lock down features
  - From: Jonathan Blandford

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]