[Kde-kiosk] [introduction] John Vestrum
Andreas Pour
kde-kiosk@mail.kde.org
Tue, 19 Mar 2002 03:52:10 -0600
Martijn Klingens wrote:
>
> On Monday 18 March 2002 19:14, Janyne Kizer wrote:
> > I would love to hear how others have locked down their KDE
> > installations. We would like to lock down the kicker and menu.
> > StarOffice seems to be complicating things a bit though. If I get it
> > working the way that I want before others post, I'll be sure to post my
> > setup. I locked things down a bit *too* much last time and I had some
> > login issue :-) Thanks again for this list.
>
> I think Waldo's new Kiosk framework in KDE 3 will allow you to lock down most
> of the settings stuff. Much more complicated will be to prevent users from
> accessing the shell, since there are a _lot_ of ways to launch external
> commands from a Unix app. No idea how (or even if) you could lock that down.
>
> Martijn
Make /bin/sh a link to a setguid pre-shell program that denies
interactive shells and (1) compares scripts to a set of permitted
scripts, and/or (2) only runs scripts that are owned by root and in some
configurable PATH (/usr/bin, /bin, /opt/kde2/bin, etc.), and make the
actual shell only executable by that group (i.e., "chmod o -x
/bin/real_shell)? Of course the admins would be in this special group
and so be able to execute shell commands.
Just a thought.
Dre