Re: [Nautilus-list] Idea for Nautilus and GMC.


> >Now, for apps executed in such a way via Nautilus or GMC, perhaps it
> >would be a good idea to have a sort of chrooted environment for those
> >files to run in, and have the application revert the status of the file
> >*back* to whatever it was prior to the execution of it via whichever
> >interface was used to invoke it? That way, the clueless would only be
> >able to execute it via the interface, which would run it in a clean
> >environment and also protect the user from inadvertently running the
> >executable via any other means. If the user wants to run the program
> >through any other means, he would have to do the chmod +x himself,
> >leaving the situation no worse off than without these ideas implemented
> >in Nautilus...
> >
> Wouldn't work well that way.  What about the Ximian installer, or the 
> RealPlayer installer?
> You could do a sandbox like Java so it'd pop up a warning when a program 
> tried to overstep boundaries, but I don't think it would be worth the 
> coding effort.  User permissions are probably more that enough.  (unless 
> luser is running as root, then he can discover why you don't do

This is already coded, see It has even nice

These are rules for "normal" untrusted application:

# Generic configuration

# It is okay to read/write to any file, if user confirms that.
path ask read /
path ask write /

# Any world-readable files are okay, too
path allow_if_public read /

path allow write /dev/tty
path allow write /dev/null
path allow write /dev/zero

# We do not want to be asked about bash...
path deny write $HOME/.bash_history

# We do not want to receive warnings about bash accessing $MAIL
path deny read $MAIL

# It is okay to connect anywhere, if you ask, first
net ask connect *
# It is okay to talk over unix domain sockets
net allow connect Unix*

path allow write /tmp/delme

I'm pavel ucw cz  "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss linmodems org

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]