[plug] Prevent downloads
Craig Ringer
craig at postnewspapers.com.au
Thu May 8 11:42:09 WST 2003
> What is it that you can
> impose a 0 byte limit on? Is it based on MIME types and trust in the
> host web server to deliver truthful/correct MIME types?
Arrggh. I wouldn't even think about that. The number of servers that
send text/plain for:
.bz2
.arj
.deb
.rpm
and (most worrying perhaps that I've encountered)
.pdf
is scary.
Now, to be strictly accurate, a 0byte limit on dl sizes would be /very/
effective indeed. Unfortunately, I don't think the side-effects would be
overly desireable (no web access at all).
> Unless these people need to view PDF files...or games disguised as PDF
> files :)
Flash games are another issue. Personally I'm happy they're around,
because when someone brings their child into work and sits them down on
a 'doze box, they can happily potter out to their favourite site and
play things WITHOUT MESSING WITH THE COMPUTER. (there's just no way of
stopping them doing this, they just don't understand that children may
install things that cause problems - and locking down win98 isn't a
practical option).
> Perhaps
> http://www.rsbac.org/? Perhaps the simplest method could be to put all
> user-writeable areas (incl. /tmp, /var/tmp, /home, etc) into mount
> points that don't have binary execution privileges. Can't prevent
> downloading, but would prevent execution (albeit with possibly
> unintuitive error messages?).
Actually, "permission denied" is almost exactly the error I'd want.
Other than "quit trying to use the PCs for gaming you little turd" of
course *grin*
Unfortunately, I think the question was about 'doze clients, so I'm not
entirely sure why its on PLUG. Whatever.
More information about the plug
mailing list