Re: [Nautilus-list] Idea for Nautilus and GMC.

From: Pavel Machek <pavel ucw cz>
To: Ben Ford <ben kalifornia com>, Zak McGregor <zak mighty co za>
Cc: Evandro Fernandes Giovanini <efgbr terra com br>, miguel ximian com, nautilus-list eazel com, mc gnome org, prion-me-harder ximian com
Subject: Re: [Nautilus-list] Idea for Nautilus and GMC.
Date: Sun, 27 May 2001 14:01:15 +0200

Hi!

Now, for apps executed in such a way via Nautilus or GMC, perhaps it
would be a good idea to have a sort of chrooted environment for those
files to run in, and have the application revert the status of the file
*back* to whatever it was prior to the execution of it via whichever
interface was used to invoke it? That way, the clueless would only be
able to execute it via the interface, which would run it in a clean
environment and also protect the user from inadvertently running the
executable via any other means. If the user wants to run the program
through any other means, he would have to do the chmod +x himself,
leaving the situation no worse off than without these ideas implemented
in Nautilus...


Wouldn't work well that way.  What about the Ximian installer, or the 
RealPlayer installer?

You could do a sandbox like Java so it'd pop up a warning when a program 
tried to overstep boundaries, but I don't think it would be worth the 
coding effort.  User permissions are probably more that enough.  (unless 
luser is running as root, then he can discover why you don't do
that!)


This is already coded, see subterfugue.org. It has even nice
gui.

These are rules for "normal" untrusted application:

# Generic configuration



# It is okay to read/write to any file, if user confirms that.
path ask read /
path ask write /

# Any world-readable files are okay, too
path allow_if_public read /

path allow write /dev/tty
path allow write /dev/null
path allow write /dev/zero

# We do not want to be asked about bash...
path deny write $HOME/.bash_history

# We do not want to receive warnings about bash accessing $MAIL
path deny read $MAIL

# It is okay to connect anywhere, if you ask, first
net ask connect *
# It is okay to talk over unix domain sockets
net allow connect Unix*

path allow write /tmp/delme

                                                                Pavel
-- 
I'm pavel ucw cz  "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss linmodems org

References:
- Idea for Nautilus and GMC.
  - From: Miguel de Icaza
- Re: [Nautilus-list] Idea for Nautilus and GMC.
  - From: Evandro Fernandes Giovanini
- Re: [Nautilus-list] Idea for Nautilus and GMC.
  - From: Zak McGregor
- Re: [Nautilus-list] Idea for Nautilus and GMC.
  - From: Ben Ford

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]