On Sun, 2009-10-25 at 16:42 -0700, Scott Garman wrote: > Michael Robinson wrote: > > I want safe mode to be closed to the average person. If one must enter > > a password to get into safe mode, that will work. Changing the source > > code of firefox is an extreme option that will make it harder to upgrade > > when new releases come out. Is there any standard way to protect > > against safe mode abuse? Procon Latte is a popular plugin I suspect, > > but what's the point of it if anyone behind it can pop into safe mode > > and remove it? I am surprised that the author of Procon Latte hasn't > > addressed the safe mode abuse issue. Ideally, the developers who are > > going to release the next version of firefox should address the safe > > mode abuse issue. > > Safe mode exists for a good reason - to prevent Firefox from becoming > totally borked by third-party extension code. So while in your > particular situation it poses a security risk, I guarantee if it were > disabled by default, a far greater percentage of the user base would be > inconvenienced. It's a trade-off. > > Procon Latte is likely a good solution for users who do not have the > technical know-how or motivation to try running Firefox in safe mode. > Content filters are best deployed at the network level, e.g. as a > firewall service. Otherwise you're constantly playing a cat and mouse > game with other applications the user could install or run to circumvent > the content filtering - including by using things such as bootable CDs > or USB drives. > > Scott
I get the cat and mouse game problem. Thing is, what filter is there that I can implement without a proxy at the network level? Some sites don't work through a proxy. It would be nice if my direct access option could catch attempts to search for "adult" material etcetera and do something about it. To be a direct access option means no proxy though. I suppose I need to use iptables somehow to reroute packets to a server side filter program and then inject as appropriate as if nothing had happened. I want something transparent. An option is to simply go and get the PICS ratings for whatever web site one is trying to reach and flash a warning if appropriate, but how do I do that transparently and still provide direct access? As far as safe mode being an authenticated mode of firefox, I think that is way too liberal. I don't suppose in Linux though that one can restrict what programs can be run. To do so one would need an administrator program that registers all the acceptable programs with perhaps a daemon in the background that gets queried every time there is a request to execute a program. _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
