"Name" key value in desk. entry spec collides with file names, could misguide users?
Josef Spillner
spillner at kde.org
Sun Mar 20 16:59:03 EET 2005
Am Sonntag, 20. März 2005 15:04 schrieb Mike Hearn:
> This line of thinking is security-through-obnoxiousness and is just a
> variant on obscurity. It's not providing a real solution, it's just making
> it more awkward (not even harder, really) to do what you want to do.
The Linux capability model already provides a basic lock-down functionality.
The problem is that as a user, you cannot say that you want to restrict file
system access to say /tmp/mychroot. Only root can do this. This is flawed.
But I think such restrictions should indeed be possible, as today's users are
already used to download scripts and run them (e.g. superkaramba), and
implementing sandboxes in VMs is nice, but not as reliable and flexible.
Josef
More information about the xdg
mailing list