Windows fails to enforce Security Policies for drives access
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Inkscape |
Fix Released
|
Low
|
Joelholdsworth |
Bug Description
When selecting to open a file, Inkscape allows a user
to see drives that are to be hidden with Windows
Server Group Policies. The software appears to be
using a component that does not follow the security
Microsoft Windows security model. Applications such
as OpenOffice do not have this issue. This issue has
appeared in older psuedo windows applications which
appear to have their own components loading that
interact with the system.
Why would this be important? Let's say you want to
provide terminal server sessions with users having
access to Inkscape for general drawing usage. With
the current security model Inkscape bypasses one of
the nice features setup by the administrator to secure
the server.
Group Policy information:
Administrative Template - Windows Components/Windows
Explorer
Hide these specified drives in "My Computer"
(Restrict A, B, C, D)
Prevent Access to drives from "My Computer"
(Restrict A, B, C)
Changed in inkscape: | |
status: | New → In Progress |
you got it all wrong, not inkscape does these things,
inkscape only uses the Gtk+ UI library which does these
things, so please report this upstream with the Gtk+ folks
if you deem this such an important issue.
why Windows wouldn't just hide the hidden files from
applications is beyond me, but then, there appears to be a
pattern with Windows and security.