Re: security holes in gnome-vfs application list (was Call for



I agree completely with Alan about the default mime-type bindings. I'd
also suggest that:

- it should be possible to configure Nautilus and indeed Evolution
  to disable scripts completely or to display a query dialog when starting
  scripts outside of a (configurable) list of trusted directories;
  in the case of mail messages, the "domain of trust" could be a net
  domain or even a list of trusted hosts; this may help to prevent GNOME
  from becoming another petri dish for viruses and trojans; who doesn't
  remember "I LOVE YOU"? ;) (the list of trusted directories could just
  be the user's PATH, but it should exclude ".")

- it would be nice to be able to configure Sawfish to ignore themes in
  the user's home directory (who knows where they got them from and
  how many users or even developers scan the scheme code before using it?!)
  and only allow themes installed in the GNOME system directory to be used.
  (it would be better if librep could run in a "sandbox" mode that
  disallowed writing to files, pipes and sockets, but that's harder and
  doesn't give the same security as being only able to run with a set of
  tried and trusted themes that come with GNOME, along with some
  extensions that a local knowledgeable sysadmin has setup).

Colm.

>Delivered-To: gnome-private-members gnome org
>Delivered-To: gnome-hackers gnome org
>From: Alan Cox <alan redhat com>
>Subject: Re: security holes in gnome-vfs application list (was Call for
>To: darin eazel com (Darin Adler)
>Cc: alan redhat com (Alan Cox), gnome-hackers gnome org, seth eazel com
>MIME-Version: 1.0
>Content-Transfer-Encoding: 7bit
>X-BeenThere: gnome-hackers gnome org
>X-Loop: gnome-hackers gnome org
>X-Mailman-Version: 2.0beta5
>List-Id: <gnome-hackers.gnome.org>
>X-BeenThere: gnome-private-members gnome org
>X-Loop: gnome-private-members gnome org
>
>> > A user assumes that the system is shipped in a secure manner, in the same
>> > way as your car comes with the brake pedal connected, rather than coming
>> > with a brake pedal and an optional brake pedal enabled configuration feature
>> 
>> I'm not sure what you're proposing? If "insecure programs" are installed on
>> a particular system, you think that the Nautilus shell should prevent users
>> from starting them?
>
>I wouldn't go that far.
>
>The programs that are started automatically by mime type bindings as shipped
>with nautilus should be
>
>	o	Ones we believe to be reasonably secure
>	o	Not shell scripts (too many name parsing bugs)
>
>If the user chooses to add something silly then that's fine (just like if the
>user disconnects the brake pedal). Similarly if the user clicks on a file
>and says run it with this specific app, then it's their own head
>
>So for example default bindings for gqview, abiword, etc probably make a lot
>of sense, but not a collect the set mentality - except maybe as items in a
>menu you can use to enable later
>
>
>Alan
>
>
>_______________________________________________
>gnome-hackers mailing list
>gnome-hackers gnome org
>http://mail.gnome.org/mailman/listinfo/gnome-hackers
>
>
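The two proposals in this thread, a trusted-directory list derived from the user's PATH with "." excluded, and default bindings that are never shell scripts, can be combined into one launch-policy check. The following is an added illustration written for this page; it is not code from Nautilus, gnome-vfs, Evolution or Sawfish. The allow/ask/deny outcomes, the function names and the constructed sample files are assumptions made for the example.

```python
"""Trust check for auto-launching a mime-type handler (added example, not GNOME code).

Policy assumed for illustration:
  - the trusted directories are the absolute entries of PATH, minus "." and the
    empty entry (both mean the current directory) and minus anything under $HOME;
  - a handler found in a trusted directory that is not a shell script may start
    without asking (Alan's "reasonably secure, not a shell script" default);
  - anything else triggers a query dialog, or is refused outright when scripts
    have been disabled (Colm's configurable switch).
"""
import os
import stat
import tempfile

ALLOW, ASK, DENY = "allow", "ask", "deny"

SHELLS = (b"sh", b"bash", b"dash", b"ksh", b"zsh", b"csh", b"tcsh")


def trusted_dirs_from_path(path_env, home=None):
    """Derive the trusted-directory list from a PATH string."""
    home_real = os.path.realpath(home) if home is not None else None
    trusted = []
    for entry in path_env.split(os.pathsep):
        # "" and "." both resolve to the current directory: never trusted.
        if entry in ("", ".") or not os.path.isabs(entry):
            continue
        real = os.path.realpath(entry)  # canonical form, symlinks resolved
        if home_real is not None and (real == home_real or real.startswith(home_real + os.sep)):
            continue  # files dropped in $HOME are exactly what the proposal distrusts
        if real not in trusted:
            trusted.append(real)
    return trusted


def is_shell_script(path):
    """Detect a shell script by its shebang line, not by file extension."""
    try:
        with open(path, "rb") as f:
            first = f.readline(256)
    except OSError:
        return False
    if not first.startswith(b"#!"):
        return False
    words = first[2:].strip().split()
    if not words:
        return False
    base = os.path.basename(words[0])
    if base == b"env" and len(words) > 1:  # "#!/usr/bin/env bash"
        base = os.path.basename(words[1])
    return base in SHELLS


def launch_decision(handler, trusted, scripts_disabled=False):
    """Decide whether a handler may start without a query dialog."""
    real = os.path.realpath(handler)
    st = os.stat(real)  # raises if the handler does not exist
    exec_bits = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    if not stat.S_ISREG(st.st_mode) or not (st.st_mode & exec_bits):
        return DENY
    in_trusted = os.path.dirname(real) in trusted  # direct child, like PATH lookup
    if in_trusted and not is_shell_script(real):
        return ALLOW
    return DENY if scripts_disabled else ASK


def demo():
    """Constructed scenario: a system bin dir, a shell wrapper in it, and a
    script dropped into the user's home. Returns the decisions for inspection."""
    root = tempfile.mkdtemp()
    bindir = os.path.join(root, "usr", "bin")
    home = os.path.join(root, "home", "colm")
    os.makedirs(bindir)
    os.makedirs(home)

    def write_exec(path, data):
        with open(path, "wb") as f:
            f.write(data)
        os.chmod(path, 0o755)
        return path

    viewer = write_exec(os.path.join(bindir, "gqview"), b"\x7fELF constructed binary stub\n")
    wrapper = write_exec(os.path.join(bindir, "open-wrapper"), b"#!/bin/sh\nexec \"$@\"\n")
    dropped = write_exec(os.path.join(home, "funny.sh"), b"#!/usr/bin/env bash\necho hi\n")

    # PATH with the classic mistakes: ".", an empty entry, a relative entry, and $HOME.
    path_env = os.pathsep.join([".", "", "relative/bin", bindir, home])
    trusted = trusted_dirs_from_path(path_env, home=home)
    return {
        "trusted": trusted,
        "viewer": launch_decision(viewer, trusted),
        "wrapper": launch_decision(wrapper, trusted),
        "dropped": launch_decision(dropped, trusted),
        "dropped_disabled": launch_decision(dropped, trusted, scripts_disabled=True),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The check is deliberately PATH-like: only direct children of a trusted directory qualify, so a subdirectory created under /usr/bin by a stray archive does not inherit trust, and symlinks are resolved before comparison so a link in $HOME pointing at a system binary is judged by where the target really lives.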