There are three types of restrictions that can be applied to URLs:
- list
  To control whether a directory listing is allowed.
- open
  To control whether certain URLs can be opened.
- redirect
  To control whether one URL can open another URL, either automatically or via a hyperlink.
Rules are checked in the order in which they are defined. The last
rule that is applicable to a URL defines whether the URL may be
accessed.
The following rules disable opening http and https URLs outside .ourcompany.com:
[KDE URL Restrictions]
rule_count=2
rule_1=open,,,,http,,,false
rule_2=open,,,,http,*.ourcompany.com,,true
- The first four commas skip over the selection criteria with respect to the originating URL. This part is only needed with redirect type rules.
- rule_1 forbids the opening of any http or https URL.
- rule_2 allows the opening of any http and https URL in the .ourcompany.com domain. Note the wildcard * is only allowed at the start of a domain.
The following rules prevent the user from browsing directories on the local file system that are outside their $HOME directory:
[KDE URL Restrictions]
rule_count=2
rule_1=list,,,,file,,,false
rule_2=list,,,,file,,$HOME,true
- rule_1 forbids the listing of any local directory.
- rule_2 allows listing directories under the user's own $HOME directory.
$HOME and $TMP are special values to indicate the user's home directory and the KDE temporary directory of the user, e.g. /tmp/kde-bastian.
The following rules prevent the user from opening local files that are outside their $HOME directory:
[KDE URL Restrictions]
rule_count=3
rule_1=open,,,,file,,,false
rule_2=open,,,,file,,$HOME,true
rule_3=open,,,,file,,$TMP,true
- rule_1 forbids the opening of any local file.
- rule_2 allows opening files under the user's own $HOME directory.
- rule_3 allows opening files in the KDE temporary directory of the user. This is needed by certain KDE applications that first download a file or document to the temporary directory and then open it in an application.
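The following Python sketch is an added example, not KDE's own code: a simplified model of how the open rules above are evaluated, showing that the last applicable rule decides and why paths must be normalised before comparison. The /home/alice and /tmp/kde-alice values, the verdict used when no rule applies, the prefix match on the scheme and the path-component comparison are assumptions of this model.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed values standing in for the special $HOME and $TMP variables.
ENV = {"$HOME": "/home/alice", "$TMP": "/tmp/kde-alice"}

HTTP_RULES = """[KDE URL Restrictions]
rule_count=2
rule_1=open,,,,http,,,false
rule_2=open,,,,http,*.ourcompany.com,,true"""

FILE_RULES = """[KDE URL Restrictions]
rule_count=3
rule_1=open,,,,file,,,false
rule_2=open,,,,file,,$HOME,true
rule_3=open,,,,file,,$TMP,true"""

def parse_rules(text):
    """Return the rule_N values as 8-field lists, in definition order."""
    kv = dict(l.strip().split("=", 1) for l in text.splitlines() if "=" in l)
    return [kv[f"rule_{i}"].split(",") for i in range(1, int(kv["rule_count"]) + 1)]

def dest_matches(proto, host, path, url, env):
    """Check the destination criteria (fields 5-7) of one rule against a URL."""
    u = urlsplit(url)
    # Assumption: prefix match on the scheme, so "http" also covers "https".
    if proto and not u.scheme.startswith(proto):
        return False
    name = u.hostname or ""
    if host.startswith("*"):
        if not name.endswith(host[1:]):   # "*.ourcompany.com" -> ".ourcompany.com"
            return False
    elif host and name != host:
        return False
    if path:
        for var, value in env.items():    # expand $HOME / $TMP
            if path.startswith(var):
                path = value + path[len(var):]
        base = path.rstrip("/")
        target = posixpath.normpath(u.path)   # collapse ".." before comparing
        if target != base and not target.startswith(base + "/"):
            return False
    return True

def is_allowed(text, action, url, env=ENV, default=True):
    """Last applicable rule wins; `default` (an assumption) applies if none match."""
    verdict = default
    for act, _sp, _sh, _spath, proto, host, path, enabled in parse_rules(text):
        if act == action and dest_matches(proto, host, path, url, env):
            verdict = enabled == "true"
    return verdict
```

Swapping rule_1 and rule_2 in either group would make the blanket `false` rule the last applicable one and deny everything, which is why the broad deny comes first and the narrower allows follow.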
The redirection option controls whether documents from a certain
location can refer, either automatically or manually via a hyperlink, to a
certain other location. A set of default rules is present as a general
security measure. For example, documents located on the Internet may not
refer to locally stored documents.
For example, if we want to allow the intranet server www.mycompany.com to refer to local files, we could add the following rule:
[KDE URL Restrictions]
rule_count=1
rule_1=redirect,http,www.mycompany.com,,file,,,true
Instead of listing a protocol by name, it is also possible to specify
a whole group of protocols. For that the following groups have been
defined:
- :local
  Protocols that access locally stored information, examples are file:/, man:/, fonts:/, floppy:/
- :internet
  Common internet protocols such as http and ftp
Information about protocols is stored in *.protocol files stored in $KDEDIR/share/services. The Class= entry defines the group a protocol is part of:
grep Class= $KDEDIR/share/services/*.protocol
General rules:
- The :local protocols may refer to any other protocol
- It's always allowed to refer to an :internet protocol
- Not all protocols are part of a group, fish:/ for example.