Re: [sabayon] hello



On Thu, 2006-03-16 at 13:44 -0800, Robert Taylor wrote:

> 3.  I noticed some funkiness in the general approach to the Sabayon
> concept.  I grok the coolness of using xnest to visually drag and drop
> changes.  Unless I am missing something here, the downside is that once
> you remove for example alacarte or remove access to gconf via the 2 or 3
> ways you can get to it, that you effectively 'paint yourself into a
> corner' where you can't go back and make changes that require those
> tools for access (usually toward the end of the process where you go
> 'I'm done' then go 'oh shit I forgot something').  Does anyone else find
> this as well or am I missing something obvious?

I'm not sure exactly what you mean, but have you seen the menu item
"Edit->Enforce Mandatory" in the profile editor? If you disable that
then you will be able to change mandatory settings in the editor, which
is useful in some cases.

> 4.  One "quirk" that I found was that one can disable access to gconf by
> removing the icon menu, but that really isn't actually disabling access.
> You are just removing the convenience and can still use nautilus to
> traverse the file system and start up gconf if you need to.  That brings
> up the question in regards to what exactly are user profiles really
> configuring, the desktop environment features or locking down the system
> security?  I am just wondering if there is a general philosophical
> approach to this, are we simply using sabayon to customize the user
> experience and should use other tools (well normal unix techniques for
> managing security) or is the project aiming at something more?  I'm just
> curious about people's opinions on this.

Lockdown is a complicated concept. If you take things to the extreme,
all you need is a way to copy files to your homedir and launch them and
the user can do anything. I mean, he could easily build a full copy of a
not-locked-down gnome, copy it into his home directory and start it. So,
if you choose to lock down just a single setting, that is not really 100%
impossible to change. However, in practice it is to most users.

The various lockdown options available could, in combination with unix
security and a lot of work, make it possible to create a fully locked
down system, since there are lockdown options like "don't allow command
lines" etc in various gnome apps. Of course, this will result in an
extremely anal desktop where you can do almost nothing (and it's easy to
forget some attack vector when setting it up, so it might not actually
be 100% secure).

One detail in how sabayon works is that the "mandatory" gconf settings
are actually stored in the user's homedir, so you could with a bit of
work possibly change those (although they would be re-written on the
next login). If the mandatory config was stored somewhere else, not
writable to the user, then this attack vector would be removed. However,
that is a lot more complex to handle (i.e. you would need some setuid
thing during login), and doesn't remove all attack vectors anyway.
Non-gconf "mandatory" settings are similarly vulnerable. They are only
copied over on each login.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl redhat com    alla lysator liu se 
He's a gun-slinging arachnophobic shaman who knows the secret of the alien 
invasion. She's a mentally unstable French-Canadian research scientist with 
the soul of a mighty warrior. They fight crime! 
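
The point above about "mandatory" settings living in the user's homedir can be checked mechanically. The following is an added example, not part of the original message and not Sabayon code: it walks from a settings file up to `/` and reports every component that lets a given user modify or replace it. The paths, uid and directory names are constructed samples (not Sabayon's real locations), and the check assumes classic Unix permission bits only (no ACLs, capabilities or search-permission checks).

```python
import os
import stat
from collections import namedtuple

# Constructed stand-in for os.stat_result; all paths, uids and modes are samples.
St = namedtuple("St", "st_mode st_uid st_gid")
SAMPLE = {
    "/": St(0o755, 0, 0),
    "/home": St(0o755, 0, 0),
    "/home/alice": St(0o700, 1000, 1000),
    "/home/alice/mandatory": St(0o755, 0, 0),
    "/home/alice/mandatory/settings.xml": St(0o644, 0, 0),
    "/etc": St(0o755, 0, 0),
    "/etc/profiles": St(0o755, 0, 0),
    "/etc/profiles/alice": St(0o755, 0, 0),
    "/etc/profiles/alice/settings.xml": St(0o644, 0, 0),
}

def controls(st, uid, gids):
    """True if uid can change the object: root, owner (can chmod), or write bit."""
    if uid == 0 or st.st_uid == uid:
        return True
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def tamper_points(path, uid, gids, stat_fn=os.stat):
    """List every component through which uid can modify or replace path."""
    child = os.path.abspath(path)
    child_st = stat_fn(child)
    findings = []
    if controls(child_st, uid, gids):
        findings.append((child, "directly writable"))
    while os.path.dirname(child) != child:
        parent = os.path.dirname(child)
        parent_st = stat_fn(parent)
        # Write access to a directory allows renaming and recreating its entries,
        # unless the sticky bit restricts that to the entry or directory owner.
        sticky = parent_st.st_mode & stat.S_ISVTX
        if controls(parent_st, uid, gids) and (
                not sticky or uid in (0, child_st.st_uid, parent_st.st_uid)):
            findings.append((parent, "can replace " + os.path.basename(child)))
        child, child_st = parent, parent_st
    return findings

def audit_sample(path):
    """Run the check against the constructed layout for sample user alice."""
    return tamper_points(path, 1000, {1000}, SAMPLE.__getitem__)
```

In the sample layout, the root-owned, read-only file under the homedir is still reported because the user owns an ancestor directory, while the copy under `/etc` yields no findings.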



