Re: Various suggestions.



thristian@atdot.org wrote:
> 
> That's the genesis of a truly interesting idea.
> 
> Selections as lists. This ties into such thoughts as the Search Tool list,
> selections (in the file manager), moving between desktops, OS/2 Pickup, and so
> forth.

That is indeed interesting.  It'd be fairly simple to implement too, I'd
think.  Just save the file list just like XMMS does: a text file, one
file name per line.  (It stands to reason, then, that a GNOME File List
would automatically be compatible with XMMS and WinAmp!)  Name the file
with some unique extension (gfl, for the sake of argument) and tie a
MIME type to that file extension.  Then, GMC just needs to understand
special behaviors for any file with that MIME type.

I especially like the idea of deferred drag and drop: collect a bunch of
file names, then drag the list file to the target, which acts like
dragging all the list's named files to the target.
 
> Lifetime of a list - A list that is just listed but not operated on
> [could|should] be kept through sessions. For lists that are operated on, there
> are two options - either the list should vanish (like selections do when
> operated on, often) or they should stay. I propose a checkbox labelled
> "persistent" on our list - after operations, the list continues to exist of
> "persistent" is checked.

That idea has some merit, but consider also my "make it a real file"
idea.  I don't really know which one's better, or that maybe a
combination is better.  But it's something to think about.

> >       What? I don't understand why you say that. Is a joke or you didn't
> > realized how to solve it???
> >       (maybe it is my bad english)
> 
> No, I really didn't know that someone had already found a solution.

You'll find that a lot in the GNOME world: an unwillingness to invent a
totally new solution if something in the OS already gives that behavior,
even if it requires some extra work.  Maybe that's why I suggest using
simple files and MIME to do File Lists -- you don't have to invent
something nonstandard to make it work.

> Is there anyone here with more security knowledge than I? Is making date suid
> root a good idea?

Not really, no.  Imagine someone breaking into your computer, resetting
the system time to some time in the past, and then forging a rotten
email from your computer.  Then they could set the time back to "normal"
and log out.  

You'd get a complaint from whoever received the email, so to diagnose
it, you'd start by looking at the email headers to find the time the
message was sent.  Then you'd search your machine's log files to see
what happened at around that time.  You'd be mislead, looking in the
wrong place in the log files for clues.
 
Here's another attack that could happen if diddling the system time was
something any user could do: you could cause certain cron events to be
skipped.  Let's say you put a security scanning package in your system
crontab, set to run every hour.  A cracker could keep resetting the time
to roll the system time back and forth _around_ that hour, so that cron
wouldn't realize it needs to run the program.  Overall, you might not
notice that the system time was being messed with, because it would only
change by a couple of minutes, twice an hour.

-- 
= Warren Young
= See the *ix pages: http://www.cyberport.com/~tangent/ix/
= ICBM Address: 36.8274040 N, 108.0204086 W, alt. 1714m



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]