Re: lock down features



> In this general vein, what is "lockdown" meant to cover here? Before we
> start talking about code impact, what does the endgame look like?

"Lockdown" is *not* security. That's a good point to start with, at least.
:-) It's a support feature. When I'm supporting 500+ desktops, I don't want
to find users resizing their taskbars or moving folders out of their menus
with accidental mouse drags, moving their 'start' button to the top of the
screen, turning off their file manager, etc.

It's there so you can know, almost guaranteed, what the user can and cannot
change on their desktop.

> It's going to be very hard to stop an intentionally malicious user from
> changing things around (by screwing around in .gnome2 and .gconf, for
> example). So are we just trying to make this harder to do and then if
> something gets muddled up the sysadmin can just blow away $HOME/.gconf*
> and $HOME/.gnome* and have the user log back in to get to the "official
> setup"? Or...?

Yeah. Intentionally malicious users will get around all sorts of silly
roadblocks, and there are non-technical methods of dealing with them
anyway. :-)

> Without this, it's the situation Jeff and Glynn (a.o.) mention, where
> cycles are burnt looking at something that turns out to be unfit for
> the purpose.

Pretty sure Havoc is on the same track here, so it's a far less daunting
concept (and fewer code/QA cycles) than a 'secure' desktop.

- Jeff

-- 
  So, "Jeffrey" seems to mean "the ineffectual, victimised guy in
  American movies" in four different languages.




