[plug] Prevent downloads

James Elliott James.Elliott at wn.com.au
Thu May 8 13:55:05 WST 2003


The PC's in the Telecentre in question need to access Hotmail for tourists
and the Internet on a Read and (maybe) Print only basis .... there is no
need to download any executable file ....but school kids are doing it !

So the question is "How to browse the Internet, including Hotmail, without
allowing users to download files" - even Outlook Express type mail is not
needed, just web mail like Hotmail.

James Elliott
----- Original Message ----- 
From: "Craig Ringer" <craig at postnewspapers.com.au>
To: <plug at plug.linux.org.au>
Sent: Thursday, May 08, 2003 11:42 AM
Subject: Re: [plug] Prevent downloads


> > What is it that you can
> > impose a 0 byte limit on? Is it based on MIME types and trust in the
> > host web server to deliver truthful/correct MIME types?
>
> Arrggh. I wouldn't even think about that. The number of servers that
> send text/plain for:
> .bz2
> .arj
> .deb
> .rpm
> and (most worrying perhaps that I've encountered)
> .pdf
> is scary.
>
> Now, to be strictly accurate, a 0byte limit on dl sizes would be /very/
> effective indeed. Unfortunately, I don't think the side-effects would be
> overly desireable (no web access at all).
>
> > Unless these people need to view PDF files...or games disguised as PDF
> > files :)
>
> Flash games are another issue. Personally I'm happy they're around,
> because when someone brings their child into work and sits them down on
> a 'doze box, they can happily potter out to their favourite site and
> play things WITHOUT MESSING WITH THE COMPUTER. (there's just no way of
> stopping them doing this, they just don't understand that children may
> install things that cause problems - and locking down win98 isn't a
> practical option).
>
> > Perhaps
> > http://www.rsbac.org/? Perhaps the simplest method could be to put all
> > user-writeable areas (incl. /tmp, /var/tmp, /home, etc) into mount
> > points that don't have binary execution privileges. Can't prevent
> > downloading, but would prevent execution (albeit with possibly
> > unintuitive error messages?).
>
> Actually, "permission denied" is almost exactly the error I'd want.
> Other than "quit trying to use the PCs for gaming you little turd" of
> course *grin*
>
> Unfortunately, I think the question was about 'doze clients, so I'm not
> entirely sure why its on PLUG. Whatever.
>
>
>




More information about the plug mailing list