After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 524522 - Add lockdown key for disabling url-handlers
Add lockdown key for disabling url-handlers
Status: RESOLVED FIXED
Product: libgnome
Classification: Deprecated
Component: general
unspecified
Other Linux
: Normal normal
: ---
Assigned To: libgnome maintainer
libgnome maintainer
Depends on:
Blocks: 524523 524526
 
 
Reported: 2008-03-26 18:32 UTC by William Jon McCann
Modified: 2008-05-07 10:41 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
patch (1.18 KB, patch)
2008-03-26 18:35 UTC, William Jon McCann
none Details | Review
updated patch (1.18 KB, patch)
2008-03-31 22:55 UTC, William Jon McCann
accepted-commit_now Details | Review

Description William Jon McCann 2008-03-26 18:32:08 UTC
AFAICT, currently, if we want to lock-down the desktop's handling of URLs we have to try to figure out all the possible keys to lockdown via /desktop/gnome/url-handlers/*.  It would be useful to have a /desktop/gnome/lockdown/disable_url_handlers key that would disable them all.  

We'll need to add support to gvfs and gnome-vfs for this.
Comment 1 William Jon McCann 2008-03-26 18:35:27 UTC
Created attachment 108078 [details] [review]
patch
Comment 2 William Jon McCann 2008-03-31 22:51:16 UTC
In bug #524526, Alex suggests calling this disable_application_handlers instead since it should probably also prevent a mime type handler launching as well.  Will update patches...
Comment 3 William Jon McCann 2008-03-31 22:55:38 UTC
Created attachment 108380 [details] [review]
updated patch
Comment 4 Kjartan Maraas 2008-04-01 08:58:45 UTC
So what's the right order here? If others are waiting for libgnome I'm fine with adding this as long as everyone agrees it makes sense :-) I think we have to branch first though?
Comment 5 Christian Neumair 2008-04-27 18:20:20 UTC
Reopening. The patch has not yet been committed.
Comment 6 Christian Neumair 2008-04-27 22:51:00 UTC
What is the purpose of application handling lockdown, i.e. in what operation environment is this required?

How does it prevent users from calling the applications they may access from console, and running them with the desired URIs?
Comment 7 Matthias Clasen 2008-04-28 01:07:10 UTC
We need it on the login screen, where we don't want a not logged in user to run e.g. a web browser
Comment 8 Kjartan Maraas 2008-05-07 10:41:39 UTC
Commited for real this time.