Re: gnome-panel menu lockdown proposal

From: Ghee Teo <Ghee Teo Sun COM>
To: Alan Horkan <horkana maths tcd ie>
Cc: desktop-devel-list gnome org
Subject: Re: gnome-panel menu lockdown proposal
Date: Tue, 09 Jan 2007 13:48:44 +0000

was that a typo for 'gotcha'?  as in "got you", a hidden problem which
will might come back and get you?re

   Yeap. You are absolutely correct!

Some dialog allows you to specify the command that you want to run (exec)
So user can simply change that to something like gnome-terminal and
hence open up a hole in the intended lockdown.


I am worried that a locked down Gnome will be as unpleasant to use as the
other locked down system I have experienced (that other Operating System
which isn't particularly pleasant to use in the first place).  The purpose
of lockdown seems a little "anti-users" since the underlying intention is
to make administration easier and prevent ordinary users from messing
things up.

I think for developers, any lock down environment is a no-no.However, there areinstances where lock down is essential such as a kiosk in a publicplace. Though inthose scenarios, I imagine one is better off writing a customisedinterface instead of

using standard GNOME desktop.

 However, there are corporation needs for lock down not only for ease of

administration, security and also help the IT support to sleep better atnight :).Imagine a bank is providing a browser based interface for the customerto querytheir account information. The last thing the bank one is someone ableto get out

of that and make some direct attempt to its head quarter database.

An example in point is http://bugzilla.gnome.org/show_bug.cgi?id=394560
One  way to lock this down is to remove the applet in point from
the Add to panel list, and that will requires special point patch
or not to install that package completely.


There are probably many more like these hidden around the place,
applications which provide an option to execute another application.  I
recall lockdown in Microsoft Windows could be subverted in a similar way
if they made the mistake of leaving Winzip installed.

That is why I call this a gotcha :). Of course this gotcha here isslightly off-topic from the

original discussion. Sorry.

-Ghee

References:
- gnome-panel menu lockdown proposal
  - From: Matt Keenan
- Re: gnome-panel menu lockdown proposal
  - From: guenther
- Re: gnome-panel menu lockdown proposal
  - From: Matt Keenan
- Re: gnome-panel menu lockdown proposal
  - From: guenther
- Re: gnome-panel menu lockdown proposal
  - From: Vincent Untz
- Re: gnome-panel menu lockdown proposal
  - From: guenther
- Re: gnome-panel menu lockdown proposal
  - From: Ghee Teo
- Re: gnome-panel menu lockdown proposal
  - From: Alan Horkan

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]