On Wed, 2005-11-23 at 23:08, guenther wrote: > > I have been looking at trying to prevent command-line access to our > > users and found the link below that applies to Gnome: > > > > http://www.gnome.org/learn/admin-guide/latest/ch10s03.html > > > > Evolution has the ability to run any script as a signature file which > > gets around the lock-down features above. Is there any way of turning > > off Evolution's ability to run a script. If not it seems like a needed > > security feature. > > Ho hum. I don't know of any way to prevent this, sorry. > > Indeed it seems, the feature to run signature scripts should listen to > this key. Please file a bug report in bugzilla.gnome.org and don't > hesitate to set some higher priority and security related keywords. > > On a side note: I never had a look at the lockdown mechanisms in GNOME, > but I wonder if this actually is used all over the place. As an example, > 'gnome-default-applications-properties' does not allow the user to > choose a custom application, does it? > > ...guenther Hi Guenther,
Thanks for the quick response. I will submit the bug when I get a chance - do you have a link I can go to to do that? My immediate issue is a fix for the signature script backdoor but perhaps the bug should be phrased something like "Lack of Compliance to Gnome lockdown architecture". Perhaps that will encourage my particular issue to be fixed in a Gnome compliant manner and maybe other potential security issues - ie. maybe kill several birds with one stone. I only found out about the Gnome lockdown stuff last night so I know about as much as you about it. It looks pretty new as I hadn't come across it before, so I doubt that the majority of Gnome apps are compliant. Evolution is the main one I am interested in at the moment. Regards Murray _______________________________________________ Evolution-list mailing list Evolution-list@gnome.org http://mail.gnome.org/mailman/listinfo/evolution-list
