plasma security constraints

Aaron J. Seigo aseigo at kde.org
Sun Jul 13 22:06:56 CEST 2008


On Sunday 13 July 2008, Chani wrote:
> On July 13, 2008 10:34:19 Aaron J. Seigo wrote:
> > On Friday 11 July 2008, Chani wrote:
> > > *launching external programs: this isn't entirely about security - if
> > > the screensaver is running, those external programs will be trapped
> > > below it, so that makes them rather useless. it's nice to let applets
> > > know, so that they can just not bother trying.
> >
> > we'll also want this for certain lock down scenarios, such as untrusted
> > downloaded scripts ...
> >
> > > *running arbitrary commands: we have a plasmoid that allows you to just
> > > type in a command and run it. I don't think I have to explain why
> > > that's dangerous. :)
> >
> > how is this differentiated from "launching external programs"? is there a
> > situation where it would be Ok to launch arbitrary UI apps but not system
> > commands?
>
> well, they're not necessarily arbitrary - most existing cases just launch
> konq - but since you can get from konq to anywhere you like, maybe that
> doesn't matter.
> I do wonder if there could be a case where system commands would be ok, but
> external apps wouldn't. a system with really bad window management
> perhaps? ;) that does seem very unlikely... unless someone persuades me to
> give users the ability to turn off the "no system commands" constraint on
> the screensaver.
> ...so, very unlikely, but I'm not sure it'd never ever happen.
>
> > > *desktoppy stuff: application launchers, taskbars, systray, pager,
> > > etc... these only belong on a desktop, not the screensaver or anywhere
> > > else. they tend to assume we have a windowmanager, plasma-the-desktop,
> > > and all the usual stuff available. application-launchers also fall
> > > under the heading of "launching external programs". I need a better
> > > name for this category, though. :)
> >
> > you can probably filter on the applet category here; Windows and Tasks,
> > Application Launchers.
>
> in that case, the categories would have to actually be enforced.
> right now the trash applet is in "file system" 

which is the right place for it

> (along with useful things
> like calendar),

calendar is in file system?!

> quicklaunch is in misc (although those two can be filtered
> out by security), 

quicklaunch should be in Application Launchers

> lock/logout is in "system information", 

wrong category

> so is the device notifier,

this one is correct.

> and paste is in utilities. 

paste?

> also, the notify applet is in "windows
> and tasks",

notify does not belong in "windows and tasks"

-- 
Aaron J. Seigo
humru othro a kohnu se
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA  EE75 D6B7 2EB1 A7F1 DB43

KDE core developer sponsored by Trolltech
