[conspire] Autorun in GNOME/Nautilus

Rick Moen rick at linuxmafia.com
Wed Sep 28 16:40:16 PDT 2011


Quoting Nick Moffitt (nick at zork.net):

> The sad part is, this kind of overfeaturedness is exactly the sort of
> thing that Unix Philosophy proponents have been arguing *against* for
> many years.  Alas, this particular ship has sailed, and AppArmor's
> "firewall for access to local files" model appears to be the Least Bad
> option for the decade we live in.

For those who run things like Evince, yes.  Personally, I regard xpdf as
exactly the right tool for the purpose.  (The antediluvian Motif look
doesn't offend me.)

As to AppArmor, I'm torn between admiration for a good, reasonably 
understandable local hardening tool, on the one hand, and mild distaste
for extra complexity and for (arguably) addressing the wrong problem, on
the other.  My knee-jerk instinct is that I'd rather the same effort
went into stripping superfluous routines and improving input validation
for the relatively few tools _actually_ required to handle public data
(favouring simpler, well-written tools in so doing), and that baroque
security wrappers will make app debugging all the more painful.

On the latter point, you know how one of the questions you always have
to ask a Linux novice encountering strange network problems is 'Does it
still happen if you do "/sbin/iptables -F" as the root user and try
again?'  It seems like we'll have to start asking 'Do you still have
that $APPFOO problem if you mv /etc/apparmor.d/usr.bin.$APPFOO into 
/etc/apparmor.d/disable/ and then do "/etc/init.d/apparmor restart"
as the root user?' 

It's also not unknown for extra layers intended to improve security to
_introduce_ security problems.  Ceteris paribus, I prefer fewer layers
and less code, anywhere that security matters.

> Right now the thing I fear most is the fact that every low-powered
> device out there will soon have enough oomph to run JavaScript-heavy
> pages without missing an interrupt.  At that point the *only* people
> left without JS on globally will be the tinfoil hat types like myself,
> and you'll no longer be able to wave a "what about accessibility?" flag
> or claim the poor can't afford JS.  

NoScript with RequestPolicy and AdBlock Plus (and HTTP Everywhere) are 
sufficing for me, for now.




