Re: Restricted view of the filesystem



On 7/10/07, guenther <guenther rudersport de> wrote:
On Sat, 2007-07-07 at 02:58 +0530, Sayamindu Dasgupta wrote:
> On 7/7/07, guenther <guenther rudersport de> wrote:
> >
> > > In a deployment scenario, the desktop administrator should ideally be
> > > able to define a restricted set of directories which users in a
> > > profile will be able to view.  For example, a user may only be allowed
> > > to view the contents of his home directory and its subdirectories.
> > [...]
> >
> > > Thoughts/comments/suggestions are welcome :-).
> >
> > Clearly, this is just about defining "a view", not security related in
> > any sense of the word, right?
>
> No - this is not at all security related.

OK then. You might just as well have ignored the rest of my post in that
case. :-)

:-)



> > If you are thinking security, this is the wrong approach. File ownership
> > and permissions do this, or ACLs. This is not the duty of the graphical
> > interface to handle and enforce. Can these users log in via a virtual
> > terminal? Can they launch gnome-terminal, xterm, bash... Or even emacs?
>
> No - they cannot. This kind of restriction would be implemented along
> with the other lockdown options
> (/desktop/gnome/lockdown/disable_command_line) :-)

Please note that there still are a couple of ways to break out of a
locked down desktop. Or at least, there were last time I checked.


I admit that there are pretty large holes. I help with a few
deployments myself, and I have seen people getting access through the
terminal using Anjuta (the built-in shell). I think Federico (my
mentor in the SoC) knows someone who is trying to make a list of
possible ways through which someone can gain access to the shell while
using the desktop, so we might use that list to plug the holes.

Cheers,
Sayamindu

--
Sayamindu Dasgupta
[http://sayamindu.randomink.org/ramblings]
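The proposal quoted above is for a per-profile list of directories the file manager will show (e.g. only the user's home and its subdirectories). As an added illustration, not code from this thread or from any GNOME component, the Python below implements such a "view" filter two ways: a plain string-prefix check beside a canonicalising check (realpath plus commonpath). The constructed temp-directory layout and the roots list are assumptions for the demo. It shows why the thread is right to call this a view and not a security boundary: the prefix form lets `..`, symlinks and sibling names like `alice2` through, and even the stricter form only decides what the GUI displays; whether the user can actually open `/home/bob` is decided by ownership, mode bits and ACLs in the kernel, regardless of anything the desktop hides.

```python
import os
import tempfile


def naive_allowed(path, roots):
    """Weak view filter: string-prefix match on the path as given.
    '/home/alice/../bob' and '/home/alice2' both start with '/home/alice'."""
    return any(path.startswith(root) for root in roots)


def view_allowed(path, roots):
    """Stricter view filter: canonicalise the path (resolving symlinks and
    '..') and require the result to lie at or below one of the roots.
    Note: this only filters what a file manager would list; it does not
    stop a user who can reach a shell from reading the path directly."""
    real = os.path.realpath(path)
    for root in roots:
        root_real = os.path.realpath(root)
        try:
            if os.path.commonpath([real, root_real]) == root_real:
                return True
        except ValueError:  # paths on different drives (Windows)
            pass
    return False


def demo():
    """Constructed layout (assumption, not from the thread):
    <tmp>/home/alice is the allowed root, <tmp>/home/bob is not,
    and alice/escape is a symlink pointing at bob."""
    base = tempfile.mkdtemp()
    alice = os.path.join(base, "home", "alice")
    bob = os.path.join(base, "home", "bob")
    os.makedirs(alice)
    os.makedirs(bob)
    os.symlink(bob, os.path.join(alice, "escape"))
    roots = [alice]

    cases = {
        "alice_docs": os.path.join(alice, "docs"),       # legitimately inside
        "dotdot": os.path.join(alice, "..", "bob"),      # escapes via '..'
        "symlink": os.path.join(alice, "escape"),        # escapes via symlink
        "sibling_prefix": alice + "2",                   # '/home/alice2'
    }
    # Each result is (naive_verdict, canonical_verdict).
    return {name: (naive_allowed(p, roots), view_allowed(p, roots))
            for name, p in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15s} naive={verdict[0]!s:5s} canonical={verdict[1]}")
```

Only the canonicalising filter rejects the three escapes; but even it should be read as a usability feature. Enforcement still belongs to file permissions and ACLs (e.g. a home directory with mode 0700), which hold whether the user is in the locked-down desktop, in Anjuta's terminal, or on a virtual console.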


