Re: Lockdown... Take 2

From: Matt Keenan <Matt Keenan sun com>
To: Alexander Larsson <alexl redhat com>
Cc: Andrew Sobala <as583 cam ac uk>, Havoc Pennington <hp redhat com>, GNOME Desktop Hackers <desktop-devel-list gnome org>
Subject: Re: Lockdown... Take 2
Date: Wed, 15 Oct 2003 13:19:53 +0100

Alexander Larsson wrote:

On Wed, 2003-10-15 at 13:49, Alexander Larsson wrote:

On Wed, 2003-10-15 at 12:13, Andrew Sobala wrote:

On Wed, 2003-10-15 at 10:35, Alexander Larsson wrote:

That said, even if one uses ACLS to do the actual lockdown, there is
some some use in keys like this. When in locked down mode we want to
avoid presenting the locked down things from the ui. Having "open
terminal" in the menu, but giving a "permission denied" dialog isn't
very nice. However, we need to point this out so people don't think
enabling the disable_terminal key makes their system safe.


Are gconf keys absolutely necessary? Can't we check for exec permissions
before showing the menu item, and simply not show it if it wouldn't
work?


Sometimes we can, sometimes its not always that simple. For instance,
the open terminal menu item in the nautilus desktop menu *could* look
for all the different terminals it tries to start and check permissions.
However, that would be a) pretty slow, and b) a pain in the ass.



Of course, it would be a lot cooler if it did, so maybe we should try
these sorts of things before going to gconf keys.


Sounds like a nightmare, trying to figure out all possible filenames that
launch a terminal and then restrict these from the menu's...

List of what's is allowed in the menu is far neater approach, that way
if someone simply :
	cp /usr/bin/gnome-terminal ~/my_backdoor
They still will not be able to see my_backdoor appear in a menu item..

Then again they need CLI access to perform the "cp" in the first place :)

--
        __.--'\     \.__./     /'--.__
    _.-'       '.__.'    '.__.'       '-._
  .'       Matt Keenan (mattman)          '.
 /       Sun Microsystems Ireland           \
|                                            |
|   E-Mail : Matt Keenan Sun Com             |
|            mattman iol ie                  |
|                                            |
|  Irish Fantasy League Of American Football |
|           http://www.iflaf.com             |
|                                            |
|        Happy Hookers Golf Society          |
|   http://www.iol.ie/~mattman/golf/hhgs.htm |
|                                            |
|   Phone  : +353 1 8199251, Sun Ext : 19251 |
 \         .---.              .---.         /
  '._    .'     '.''.    .''.'     '.    _.'
     '-./            \  /            \.-'
                      ''

Follow-Ups:
- Re: Lockdown... Take 2
  - From: Alexander Larsson

References:
- Lockdown... Take 2
  - From: Matt Keenan
- Re: Lockdown... Take 2
  - From: Alexander Larsson
- Re: Lockdown... Take 2
  - From: Havoc Pennington
- Re: Lockdown... Take 2
  - From: Alexander Larsson
- Re: Lockdown... Take 2
  - From: Andrew Sobala
- Re: Lockdown... Take 2
  - From: Alexander Larsson
- Re: Lockdown... Take 2
  - From: Alexander Larsson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]