Re: Lockdown... Take 2
- From: Alexander Larsson <alexl redhat com>
- To: Havoc Pennington <hp redhat com>
- Cc: Matt Keenan <Matt Keenan sun com>, "desktop-devel-list gnome org" <desktop-devel-list gnome org>
- Subject: Re: Lockdown... Take 2
- Date: 15 Oct 2003 11:35:36 +0200
On Tue, 2003-10-14 at 18:57, Havoc Pennington wrote:
>
> I don't know, I just see there could be piles of complexity and an
> endless job trying to make all apps honor a list of allowed executables,
> and it's not secure anyway. The right place for this architecturally
> really seems like the exec() syscall.
>
> To me any lockdown setting that won't be reasonably easy for app authors
> to implement properly is kind of scary.
I agree, for lockdown on this level we should probably rely on ACLs, or
at least exec permissions. We just can't implement things like this in
panel+nautilus and expect it to work, we're gonna miss places, and we
can't modify all apps anyway. I feel the same about filesystem
permissions.
That said, even if one uses ACLS to do the actual lockdown, there is
some some use in keys like this. When in locked down mode we want to
avoid presenting the locked down things from the ui. Having "open
terminal" in the menu, but giving a "permission denied" dialog isn't
very nice. However, we need to point this out so people don't think
enabling the disable_terminal key makes their system safe.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl redhat com alla lysator liu se
He's an unconventional small-town househusband with a robot buddy named
Sparky. She's a sarcastic belly-dancing lawyer prone to fits of savage,
blood-crazed rage. They fight crime!
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]