[conspire] Autorun in GNOME/Nautilus

Nick Moffitt nick at zork.net
Wed Sep 28 03:47:09 PDT 2011


Ruben Safir:
> On Wed, Sep 28, 2011 at 10:20:31AM +0000, Nick Moffitt wrote:
> > Ruben Safir:
> > > are you saying evince can run an executable?
> > Sorry, what?
> Well, why does it need to be locked down?

See upthread, included again below to restore context for you:

Rick Moen:
> It requires that a 'policy' file exist for any application that's to be
> corraled in this fashion:  The policy file describes various sorts of
> access that will be permitted or denied to particular pathspecs.
> Several distros (not just Novell/SUSE) have been gradually introducing
> policies covering particular utilities posing security concern.  The
> Wikipedia page cites CUPS, MySQL, libvert, Evince[1], and Firefox.
[...]
> [1] To get some idea of why Evince needs help, compare its and xpdf's
> dependencies in my page about PDF readers,
> http://linuxmafia.com/faq/Apps/pdf-readers.html .  (I exclude X11 core
> libs and also libgcc and friends.)


-- 
Man, I love how everyone is like "In my blog, which is
a blog on the Internet, which you all may be interested
in visiting, I talked about what I am now saying here."
                            -- George Moffitt




More information about the conspire mailing list