Re: lock down features



On Thu, Nov 14, 2002 at 12:52:49AM -0500, Jonathan Blandford wrote:
> > So e.g. if can_run_commands is FALSE, you can't open the Run Command
> > dialog or do other things that allow you to start up a command.  Apps
> > would optionally be able to honor this setting. This isn't related to
> > a preference.
> 
> This will be really tricky to audit...

I don't think we can make promises of genuine security against a
determined hacker, really.  Audit every app for buffer overflows in
the face of arbitrary X events?  Ouch.

But we can probably remove every obvious way to run a command,
assuming you use only apps we ship (hide Emacs for example).
 
>  * Provide gconf backend that can scale beyond individual users (ie:
>  groups)

You can already do this by just sharing some XML files, though it
could be more convenient.
 
>  * 'Reset to default' feature for keys.

Note that "reset to default" for gconf is just "unset" - you unset the
key, you get the default value instead of your own.
 
Havoc


