Re: gnome-panel menu lockdown proposal



On Tue, 9 Jan 2007, Ghee Teo wrote:

> Date: Tue, 09 Jan 2007 11:31:07 +0000
> From: Ghee Teo <Ghee Teo Sun COM>
> To: guenther <guenther rudersport de>
> Cc: desktop-devel-list gnome org
> Subject: Re: gnome-panel menu lockdown proposal
>
> There is another type of gocha type of against lock down.

was that a typo for 'gotcha'?  as in "got you", a hidden problem which
will might come back and get you?

> Some dialog allows you to specify the command that you want to run (exec)
> So user can simply change that to something like gnome-terminal and
> hence open up a hole in the intended lockdown.

I am worried that a locked down Gnome will be as unpleasant to use as the
other locked down system I have experienced (that other Operating System
which isn't particularly pleasant to use in the first place).  The purpose
of lockdown seems a little "anti-users" since the underlying intention is
to make administration easier and prevent ordinary users from messing
things up.

I had hoped that some system of rollback would be pursued at the same time
as lockdown. If the user interface was more forgiving of mistakes and it
was easier to back out from problems or revert things it would reduce the
need for lockdown or complement the lockdown tools and make the
administrators job easier.

The name "lockdown" unfortunately implies a whole lot.  At the very least
adminstrators need to be clearly warned that lockdown is not a silver
bullet and a lot like asking users not to move the furniture and that a
determined messer can still cause trouble.

> An example in point is http://bugzilla.gnome.org/show_bug.cgi?id=394560
> One  way to lock this down is to remove the applet in point from
> the Add to panel list, and that will requires special point patch
> or not to install that package completely.

There are probably many more like these hidden around the place,
applications which provide an option to execute another application.  I
recall lockdown in Microsoft Windows could be subverted in a similar way
if they made the mistake of leaving Winzip installed.



-- 
Alan




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]