On Sun, 2005-11-27 at 07:12, guenther wrote:
> On Thu, 2005-11-24 at 13:18 +0800, Murray Trainer wrote:
> > On Wed, 2005-11-23 at 23:08, guenther wrote:
> > > > I have been looking at trying to prevent command-line access to our
> > > > users and found the link below that applies to Gnome:
> > > >
> > > > http://www.gnome.org/learn/admin-guide/latest/ch10s03.html
> > > >
> > > > Evolution has the ability to run any script as a signature file which
> > > > gets around the lock-down features above. Is there any way of turning
> > > > off Evolution's ability to run a script. If not it seems like a needed
> > > > security feature.
> > >
> > > Ho hum. I don't know of any way to prevent this, sorry.
> > >
> > > Indeed it seems, the feature to run signature scripts should listen to
> > > this key. Please file a bug report in bugzilla.gnome.org and don't
> > > hesitate to set some higher priority and security related keywords.
> > >
> > > On a side note: I never had a look at the lockdown mechanisms in GNOME,
> > > but I wonder if this actually is used all over the place. As an example,
> > > 'gnome-default-applications-properties' does not allow the user to
> > > choose a custom application, does it?
>
> Or even worse, does the feature to enable double click on executables in
> Nautilus listen to this lockdown setting?
>
> This whole topic in general really seems to be appropriate for general
> GNOME related mailing lists, as there are other ways, which are not
> mentioned in that link...
>
> Mailing lists on gnome.org:
> http://mail.gnome.org/mailman/listinfo/
>
> General GNOME mailing list:
> http://mail.gnome.org/mailman/listinfo/gnome-list
>
> >
> > Thanks for the quick response. I will submit the bug when I get a
> > chance - do you have a link I can go to to do that?
>
> Hope you're asking for this one. Otherwise I don't get the question.
>
> http://bugzilla.gnome.org/
>
> >
> > My immediate issue
> > is a fix for the signature script backdoor but perhaps the bug should be
> > phrased something like "Lack of Compliance to Gnome lockdown
> > architecture". Perhaps that will encourage my particular issue to be
> > fixed in a Gnome compliant manner and maybe other potential security
> > issues - ie. maybe kill several birds with one stone.
> >
> > I only found out about the Gnome lockdown stuff last night so I know
> > about as much as you about it. It looks pretty new as I hadn't come
> > across it before, so I doubt that the majority of Gnome apps are
> > compliant. Evolution is the main one I am interested in at the moment.
>
> Well, I guess there are easier ways for the average user to discover
> than this... :/
>
> ...guenther

Hi Guenther,

I have logged the issue in bugzilla as shown below:

Bug 322553: Evolution can run scripts to create signatures - this feature can't be disabled.

Regards

Murray
_______________________________________________
Evolution-list mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/evolution-list
