[TAG] Locking down a Linux box
Kapil Hari Paranjape
kapil at imsc.res.in
Tue Jun 13 14:50:28 MSD 2006
Hello,
On Tue, 13 Jun 2006, Thomas Adam wrote:
> On Tue, Jun 13, 2006 at 12:08:33PM +0530, Kapil Hari Paranjape wrote:
> > 2. I presume you want the transient windows to emerge with focus in
> > the centre of the screen. If your app has transient windows that
> > don't behave well with WM_HINTS then you must exclude ratpoison. (For
> > example GIMP and ratpoison do not get along).
>
> Eh? Then ratpoison can't be ICCCM compliant in that case -- or if it
> claims to be, then it's deluded. The ICCCM is quite clear about how
> transient window are to be handled. Note also that WM_HINTS (as an XAtom)
> has nothing to do with a window set as transient -- that's what the
> "WM_TRANSIENT_FOR(WINDOW)" XAtom details.
Sorry. This is more a case of my mis-prepresentation of "ratpoison"
rather than any faults of "ratpoison" per se. I used the term
"WM_HINTS" without understanding it fully.
However, it is a fact that "ratpoison" and "gimp" do not get along---I
do not know enough to assign blame to either or both.
> > 4. Finally you want to disable the running of any other applications .
> > This suggests that the path be restricted using "rbash" as the shell .
>
> Or, as my reply alludes to, just don't allow a terminal emulator to run at
> all.
True enough.
I looked at your detailed reply to Faber and it looks far more
complete than the half-baked stuff I wrote up. It *is* interesting
to see that FVWM lives upto its promise of being the "one wm to bind
them all".
Regards,
Kapil.
--
More information about the TAG
mailing list