is there a security spec that is above MIME etc
Dave Cridland
dave at cridland.net
Sun Aug 29 10:12:15 EEST 2004
On Sat Aug 28 17:59:50 2004, Kristof Vansant wrote:
> Is there a security spec that is above MIME etc.
> For a company it could be interresting to give people rights on
> certain
> MIME types. I mean like the group users is not allowed to play mp3
> files
> and is prohibited to write on a cdrw but is allowed to read it (this
> would need a media spec).
>
>
MP3, not to my knowledge.
CDRW, yes - it's device permissions.
> Interresting would also be (for the utopia project) to be able to
> not
> allow certain groups to mount usb sticks (usb sticks form a easy
> way to
> save secret info, could be a security risk for some companies)
>
>
Yes, you have the USB stick thing mountable only by root. Device
permissions again.
I might be missing something obvious, but permissions per device are
easy. A device 'you' only have read permission for, you can only
mount read-only, and if you don't have read permission, you can't
mount it at all.
Permissions based on media type would be pretty tricky, if not
impossible, since the operating system has to enforce these. (Or at
least the filesystem. I'm never quite sure exactly where these things
kick in.). You might be able to prevent MP3 playing by mounting the
home directories with noexec (or whatever the options is) and simply
not installing MP3 players.
Either way, this is outside the remit of the desktop, isn't it?
Dave.
More information about the xdg
mailing list