"Name" key value in desk. entry spec collides with file names, could misguide users?
robert at wittams.com
Sun Mar 20 22:17:32 EET 2005
>>Why? Because I don't believe requiring a magic flag to be set to run a
>>program makes things more secure, it just decreases usability.
> ...selinux actually makes this worse, by not allowing you to do anything - at all with what you
> downloaded. And if it does have a method to run it, it's not different than the +x solution,
> expect for being more complex and less portable to other systems.
I'm not convinced that the +x solution is good or bad as a stop gap. But...
SELinux definitively is NOT the same as the +x solution. The +x solution
gives the user 1 choice:
"Do you want to give this program as much control over this computer as
Any SELinux solution worth its salt is going to allow the script to run
in a sandbox, see if it tries to do anything more, and ask if the user
wants to grant the permission to do that single act, or widen the
permission to future acts.
Well behaved programs that forsee the need will ask for permissions up
front. Trojans that want to seem well behaved will do the same. But they
won't be able to hide what they want to do, due to the unspoofable
window features that will need to be built into next gen
window/composite managers, and used by the sandboxing process.
This will of course require a lot of work. But it will be a *real*
solution to trojans arriving in downloads and emails. Yours is a stop
gap. Don't compare the two as if they are similar - they are not.
The standard complaint here is that users will just say yes to
everything. This is based on experience gained from the masterful
ActiveX dialog and Suns Java Webstart. I think the user experience can
be improved from these disasters : for one, this won't be about trusting
And as to portability: sometimes posix is not enough, we can't wait for
every api to be implemented everywhere before allowing its use. Of
course, nothing stops other systems just forgoing the extra security
features, implementing them, or forging their own path.
More information about the xdg