Re: Lockdown... Take 2

[Andrew Sobala <as583 cam ac uk>]

Can you explain why? If someone wants to prevent users from opening a
terminal, there are 2 ways we can implement this:

* gconf key to hide it plus ACL. Sysadmin has to implement this in two
different places. If someone doesn't read the docs properly and just
goes the gconf way they end up with nonexistant security: they think
it's secure (the menu option doesn't appear) but it can actually still
be run.

* Just remove access to it in an ACL. Menu items automagically
disappear. Secure, and it "Just Works". If the ACL configuration is
broken, it's obvious to the sysadmin since the menu option is still
there.

On Wed, 2003-10-15 at 11:26, Matt Keenan wrote:
> Having gconf keys here is cleaner in my view and as Alex says, they
> are not intended as a complete secure solution just a means hiding
> some options..
> 
> Andrew Sobala wrote:
> > On Wed, 2003-10-15 at 10:35, Alexander Larsson wrote:
> > 
> >>That said, even if one uses ACLS to do the actual lockdown, there is
> >>some some use in keys like this. When in locked down mode we want to
> >>avoid presenting the locked down things from the ui. Having "open
> >>terminal" in the menu, but giving a "permission denied" dialog isn't
> >>very nice. However, we need to point this out so people don't think
> >>enabling the disable_terminal key makes their system safe.
> > 
> > 
> > Are gconf keys absolutely necessary? Can't we check for exec permissions
> > before showing the menu item, and simply not show it if it wouldn't
> > work?
> > 
-- 
Andrew Sobala <as583 cam ac uk>