Autostart and MAC security
Francois Gouget
fgouget at codeweavers.com
Tue Feb 28 16:11:00 EET 2006
Mike Hearn wrote:
[...]
> It doesn't even have to be a shell feature. It can be done
> automatically, because the security system knows the difference between
> "write to ~/.config/autostart/foo.desktop" from AmazingApp 2002 and
> "write to ~/.config/autostart/foo.desktop" from a shell launched from
> your window manager.
It seems like there is no need to even mandate going through a specific
application. Couldn't this system intercept
"open(~/.config/autostart/foo.desktop, O_WRONLY)", invoke an application
that would ask for the user permission just like firewalls do on
Windows, and then only let the open proceed if the user gave the green
light?
Such a scheme looks like it is needed anyway to deal with all the
other issues that were mentioned previously.
>> * get a list of the entries and return their full path so an
>>application can read them
>> Example: register-autostart --list
>> /home/user/.config/autostart/foo.desktop
>> /home/user/.config/autostart/bar.desktop
>
> What's the use case for a standard desktop application reading the
> auto-start list? For special cases like Wine it can preserve its own
> list of autostart items it registered.
Keeping a separate list of items you added to autostart is the best way
for your list to get out of sync or even lost altogether, after which
you are unable to recover. The only robust solution is to tag the
entries themselves but this requires being able to look at them.
--
Francois Gouget
fgouget at codeweavers.com
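
The tagging approach argued for in the message above, as an added example that is not part of the original post: it lists autostart entries by full path and filters them by an ownership tag stored in the entry itself. The key name `X-Registered-By`, the function names and the sample entries are assumptions constructed for illustration.

```python
import configparser
import os
import tempfile

TAG_KEY = "X-Registered-By"  # hypothetical X- extension key (assumption, not from the thread)


def read_tag(path):
    """Return the TAG_KEY value of a .desktop file, or None if absent or unparseable."""
    parser = configparser.RawConfigParser(
        strict=False, delimiters=("=",), comment_prefixes=("#",))
    parser.optionxform = str  # desktop entry keys are case-sensitive
    try:
        with open(path, encoding="utf-8") as fh:
            parser.read_file(fh)
        return parser.get("Desktop Entry", TAG_KEY)
    except (OSError, UnicodeDecodeError, configparser.Error):
        return None  # a malformed entry is never attributed to anyone


def list_autostart(directory, owner=None):
    """Return full paths of autostart entries; with owner set, only those it tagged."""
    found = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not name.endswith(".desktop") or not os.path.isfile(path):
            continue
        if owner is None or read_tag(path) == owner:
            found.append(path)
    return found


def make_sample_dir():
    """Create a constructed autostart directory: tagged, untagged and malformed entries."""
    samples = {
        "foo.desktop": "[Desktop Entry]\nType=Application\nExec=foo %f\nX-Registered-By=wine\n",
        "bar.desktop": "[Desktop Entry]\nType=Application\nExec=bar\n",
        "broken.desktop": "Exec=baz\n",  # no group header
    }
    directory = tempfile.mkdtemp()
    for name, body in samples.items():
        with open(os.path.join(directory, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return directory


if __name__ == "__main__":
    sample = make_sample_dir()
    print(list_autostart(sample))                # every entry, like --list
    print(list_autostart(sample, owner="wine"))  # only entries carrying the tag
```

Because the tag lives in the entry, the list of owned items is recomputed from the directory each time and cannot drift from it.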