plasma security constraints

Chani chanika at gmail.com
Sun Jul 13 20:23:48 CEST 2008


On July 13, 2008 10:34:19 Aaron J. Seigo wrote:
> On Friday 11 July 2008, Chani wrote:
> > *launching external programs: this isn't entirely about security - if the
> > screensaver is running, those external programs will be trapped below it,
> > so that makes them rather useless. it's nice to let applets know, so that
> > they can just not bother trying.
>
> we'll also want this for certain lock down scenarios, such as untrusted
> downloaded scripts ...
>
> > *running arbitrary commands: we have a plasmoid that allows you to just
> > type in a command and run it. I don't think I have to explain why that's
> > dangerous. :)
>
> how is this differentiated from "launching external programs"? is there a
> situation where it would be Ok to launch arbitrary UI apps but not system
> commands?

well, they're not necessarily arbitrary - most existing cases just launch 
konq - but since you can get from konq to anywhere you like, maybe that 
doesn't matter.
I do wonder if there could be a case where system commands would be ok, but 
external apps wouldn't. a system with really bad window management 
perhaps? ;) that does seem very unlikely... unless someone persuades me to 
give users the ability to turn off the "no system commands" constraint on the 
screensaver.
...so, very unlikely, but I'm not sure it'd never ever happen.

> > *desktoppy stuff: application launchers, taskbars, systray, pager, etc...
> > these only belong on a desktop, not the screensaver or anywhere else.
> > they tend to assume we have a windowmanager, plasma-the-desktop, and all
> > the usual stuff available. application-launchers also fall under the
> > heading of "launching external programs". I need a better name for this
> > category, though. :)
>
> you can probably filter on the applet category here; Windows and Tasks,
> Application Launchers.

in that case, the categories would have to actually be enforced.
right now the trash applet is in "file system" (along with useful things like 
calendar), quicklaunch is in misc (although those two can be filtered out by 
security), lock/logout is in "system information", so is the device notifier, 
and paste is in utilities. also, the notify applet is in "windows and tasks", 
but I think I might like to have it on my screensaver...

-- 
This message brought to you by evyl bananas, and the number 3.
www.chani3.com