Re: [Evolution] Evolution Signature Scripts Backdoor

[guenther <guenther rudersport de>]

> I have been looking at trying to prevent command-line access to our
> users and found the link below that applies to Gnome:
>   
> http://www.gnome.org/learn/admin-guide/latest/ch10s03.html
>
> Evolution has the ability to run any script as a signature file which
> gets around the lock-down features above.  Is there any way of turning
> off Evolution's ability to run a script.  If not it seems like a needed
> security feature.

Ho hum. I don't know of any way to prevent this, sorry.

Indeed it seems, the feature to run signature scripts should listen to
this key. Please file a bug report in bugzilla.gnome.org and don't
hesitate to set some higher priority and security related keywords.

On a side note: I never had a look at the lockdown mechanisms in GNOME,
but I wonder if this actually is used all over the place. As an example,
'gnome-default-applications-properties' does not allow the user to
choose a custom application, does it?

...guenther


-- 
char *t="\10pse\0r\0dtu\0  ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}