On Thu, 2005-11-24 at 13:18 +0800, Murray Trainer wrote: > On Wed, 2005-11-23 at 23:08, guenther wrote: > > > I have been looking at trying to prevent command-line access to our > > > users and found the link below that applies to Gnome: > > > > > > http://www.gnome.org/learn/admin-guide/latest/ch10s03.html > > > > > > Evolution has the ability to run any script as a signature file which > > > gets around the lock-down features above. Is there any way of turning > > > off Evolution's ability to run a script. If not it seems like a needed > > > security feature. > > > > Ho hum. I don't know of any way to prevent this, sorry. > > > > Indeed it seems, the feature to run signature scripts should listen to > > this key. Please file a bug report in bugzilla.gnome.org and don't > > hesitate to set some higher priority and security related keywords. > > > > On a side note: I never had a look at the lockdown mechanisms in GNOME, > > but I wonder if this actually is used all over the place. As an example, > > 'gnome-default-applications-properties' does not allow the user to > > choose a custom application, does it?
Or even worse, does the feature to enable double click on executables in Nautilus listen to this lockdown setting? This whole topic in general really seems to be appropriate for general GNOME related mailing lists, as there are other ways, which are not mentioned in that link... Mailing lists on gnome.org: http://mail.gnome.org/mailman/listinfo/ General GNOME mailing list: http://mail.gnome.org/mailman/listinfo/gnome-list > Thanks for the quick response. I will submit the bug when I get a > chance - do you have a link I can go to to do that? Hope you're asking for this one. Otherwise I don't get the question. http://bugzilla.gnome.org/ > My immediate issue > is a fix for the signature script backdoor but perhaps the bug should be > phrased something like "Lack of Compliance to Gnome lockdown > architecture". Perhaps that will encourage my particular issue to be > fixed in a Gnome compliant manner and maybe other potential security > issues - ie. maybe kill several birds with one stone. > > I only found out about the Gnome lockdown stuff last night so I know > about as much as you about it. It looks pretty new as I hadn't come > across it before, so I doubt that the majority of Gnome apps are > compliant. Evolution is the main one I am interested in at the moment. Well, I guess there are easier ways for the average user to discover than this... :/ ...guenther -- char *t="[EMAIL PROTECTED]"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}} _______________________________________________ Evolution-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/evolution-list
