Mike Hearn wrote:
[...]
> > It's worse than that. As soon as you run any untrusted piece of code,
> > even in your account, it is game over for your account.
>
> Today, yes, but I think one long term aim should be to change that.
> Users clearly _do_ run less trustworthy code in their accounts all the
> time, because there's no real way to determine if a program is "evil" or
> not ahead of time. It's possible to make an OS robust against this
> reality, so we may as well start evolving Linux in this direction
> now ...

So your plan is to have ~/.config/autostart be locked down such that all
of the following commands fail?

    cp foo.desktop ~/.config/autostart
    cat foo.desktop >~/.config/autostart/foo.desktop
    rm ~/.config/autostart/foo.desktop
    rm -rf ~/.config

Frankly I would not want to use a system where standard commands such as
cp, rm and cat are crippled in such a way. Though if the shell gives me
a way to locally turn this feature off for all child processes it may be ok.

Anyway, if going through a register-autostart tool is to be made
mandatory, it should at least provide the following functionality:

 * add an entry
   Example: register-autostart --add foo.desktop
 * remove an entry
   Example: register-autostart --del foo.desktop
 * get a list of the entries and return their full path so an
   application can read them
   Example: register-autostart --list
     /home/user/.config/autostart/foo.desktop
     /home/user/.config/autostart/bar.desktop

--
Francois Gouget
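
One way the register-autostart interface proposed in the message above (--add, --del, --list) could look, as an added example that is not code from the thread or from any freedesktop.org project. The function names, the rule that an entry must be a bare `*.desktop` file name, and the symlink handling are assumptions of this example; the lockdown of ~/.config/autostart itself is outside its scope.

```python
import os
import sys
import tempfile
from pathlib import Path

def entry_path(name, directory):
    # Accept only a bare "*.desktop" file name, so "../x" or "/etc/x" cannot escape.
    if name != os.path.basename(name) or not name.endswith(".desktop"):
        raise ValueError(f"invalid entry name: {name!r}")
    return directory / name

def add_entry(source, directory):
    # --add: copy the file in under its own name, written atomically.
    source = Path(source)
    dest = entry_path(source.name, directory)
    data = source.read_bytes()
    directory.mkdir(parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    with os.fdopen(fd, "wb") as out:
        out.write(data)
    os.replace(tmp, dest)  # rename replaces a symlink at dest instead of following it
    return dest

def del_entry(name, directory):
    # --del: remove one entry; False means it was not registered.
    try:
        entry_path(name, directory).unlink()
        return True
    except FileNotFoundError:
        return False

def list_entries(directory):
    # --list: full paths of regular *.desktop files; symlinks are skipped.
    return sorted(str(p) for p in directory.glob("*.desktop")
                  if p.is_file() and not p.is_symlink())

def main(argv):
    autostart = Path.home() / ".config" / "autostart"  # directory named in the thread
    ops = {"--add": add_entry, "--del": del_entry}
    if argv == ["--list"]:
        for path in list_entries(autostart):
            print(path)
    elif len(argv) == 2 and argv[0] in ops:
        ops[argv[0]](argv[1], autostart)
    else:
        sys.exit("usage: register-autostart --add FILE | --del NAME | --list")

if __name__ == "__main__":
    main(sys.argv[1:])
```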