Re: Lockdown... Take 2



Could we LD_PRELOAD an exec() (and system()) wrapper for lockdown mode?

-Rob

On Tue, 2003-10-14 at 09:57, Havoc Pennington wrote:
> Hi,
> 
> Comment on one tiny piece - the means of prohibiting access to certain
> binaries seems pretty messy, but I'm not sure how to clean up.
> 
>  - we have both executables and .desktop files without 1-to-1 mapping
>  - should some executables/desktop files be special-cased as in 
>    "disable terminal"?
>  - do we disable .desktop files based on whether the executable they 
>    launch is disabled? Is this based on a string compare or filesystem
>    search?
>  - there are lots of apps that won't honor the executable restrictions
>  - what code validates whether an executable is allowed and when?
>  - to validate an Exec line or command line do we have to do complicated
>    shell code analysis?
>  - how are we going to integrate all this into Mozilla, OpenOffice, 
>    etc.?
> 
> It feels to me like:
> 
>  - the restrictions on a given executable should be provided by 
>    and enforced by the OS in some way
>  - the desktop should have some call executable_allowed() that can 
>    be used to check with the OS about whether an executable can be used,
>    and we should automatically hide/show UI based on this when possible
>  - if we had that, what keys would we still want? disable_command_line 
>    probably to whack all manual access to executables.
>    Also menu editing and thus .desktop file removal probably.
> 
> I don't know, I just see there could be piles of complexity and an
> endless job trying to make all apps honor a list of allowed executables,
> and it's not secure anyway. The right place for this architecturally
> really seems like the exec() syscall.
> 
> To me any lockdown setting that won't be reasonably easy for app authors
> to implement properly is kind of scary.
> 
> Havoc
> 
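
One way the wrapper asked about above could look, as an added example that is not code from the thread or from GNOME: an LD_PRELOAD shim in C that resolves the requested path with realpath() (a filesystem lookup rather than a string compare) before letting execve() through. The allowlist entries and the `path_on_allowlist` helper are hypothetical; `executable_allowed` borrows its name from the quoted message.

```c
/* Added example: LD_PRELOAD shim that gates execve() on an allowlist.
 * Build: cc -shared -fPIC -o lockdown.so lockdown.c
 * Run:   LD_PRELOAD=$PWD/lockdown.so some-program */
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical policy (constructed sample): canonical paths allowed to run. */
static const char *const LOCKDOWN_ALLOWED[] = {
    "/usr/bin/gedit", "/usr/bin/firefox", NULL
};

/* 1 if `path` resolves (symlinks, "..", ".") to an entry in `allowed`. */
int path_on_allowlist(const char *path, const char *const *allowed)
{
    char real[PATH_MAX];

    if (path == NULL || realpath(path, real) == NULL)
        return 0;                       /* unresolvable path: deny */
    for (size_t i = 0; allowed[i] != NULL; i++)
        if (strcmp(real, allowed[i]) == 0)
            return 1;
    return 0;
}

/* The policy check, named after the call proposed in the quoted message. */
int executable_allowed(const char *path)
{
    return path_on_allowlist(path, LOCKDOWN_ALLOWED);
}

/* Interposed execve(): same signature as libc's; the dynamic linker binds
 * callers to this definition first because the shim is preloaded. */
int execve(const char *path, char *const argv[], char *const envp[])
{
    if (!executable_allowed(path)) {
        errno = EACCES;                 /* refuse before reaching the kernel */
        return -1;
    }
    /* Raw syscall so the shim does not call back into itself. */
    return (int)syscall(SYS_execve, path, argv, envp);
}
```

Only dynamically linked programs that call this one symbol are covered: the other exec*() variants, system() and posix_spawn() would each need their own wrapper, and a static binary or a direct syscall never reaches the shim.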



