Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Click here to return to the 'Disable Front Row to prevent limited account app access' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Disable Front Row to prevent limited account app access
Authored by: jaaronp on Jan 31, '07 09:49:42AM

This illustrates a major shortcoming of the managed account application restrictions; the restrictions are not actually "User X may not launch application Y" but rather "User X may not launch application Y using the Finder".

My favorite example was using a web browser to launch terminal by attempting to load a telnet:// url. Once in a terminal, the open command could then be used to launch any application.

Currently, I think ACLs could be used to restrict execute permissions for specific users, but there's no nice interface for it.

The MAC framework that's advertised for Leopard (which is based on SEDarwin which is based on SEBSD which is base on SELinux) should provide stronger guarantees and will hopefully be integrated with the System Preferences UI.

[ Reply to This | # ]