The following requirements had to be met:
The user should not be able to open an interactive shell (Terminal) or run arbitrary commands,
The user should not have a view of the filesystem, so no file manager,
The user should not be able to modify or create files directly by means provided by KDE (no editor, menuedit, etc.).
Note that these are not requirements for the applications that run under KDE.
Every application must itself ensure that these requirements are met.
It is understood that many applications have an Open File dialog and could
therefore modify files under .kde, which would make it possible to run
arbitrary commands.
The restrictions should only apply when the environment variable KDE_MODE is
set to ``restricted''. If it is not set, a normal KDE Desktop should open.
It follows that the user can only run applications that are found in
the Application menu. So the administrator must be able to provide the
applications. A tool is needed to add, remove and modify entries in
the menu.
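As an added example that is not part of the original document, a small Python sketch of such a menu tool: it adds, removes and modifies entries, and when KDE_MODE is ``restricted'' it refuses Exec lines that would launch a shell, terminal or file manager. The denylist, the KDE_MODE check and the entry layout are assumptions of this example, not something the document specifies.

```python
import os
import shlex

# Programs a restricted-desktop menu entry must never launch: interactive shells,
# terminals and file managers (constructed list; extend for the local install).
DENIED = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "konsole", "xterm", "kfm"}

class MenuError(ValueError):
    """Raised when an entry would violate the restricted-mode requirements."""

def restricted(env=None):
    """True when KDE_MODE selects the restricted desktop (assumed check)."""
    return (os.environ if env is None else env).get("KDE_MODE") == "restricted"

def check_exec(exec_line):
    """Return the argv of an Exec line, rejecting any token that names a denied
    program. Every token is checked, not only argv[0], so wrappers such as
    'env bash' or 'nice -n 5 konsole' are rejected as well."""
    argv = shlex.split(exec_line)
    if not argv:
        raise MenuError("empty Exec line")
    for tok in argv:
        if os.path.basename(tok) in DENIED:
            raise MenuError(f"Exec would launch a denied program: {tok}")
    return argv

def exec_allowed(exec_line):
    """Boolean form of check_exec, convenient for callers and tests."""
    try:
        check_exec(exec_line)
        return True
    except MenuError:
        return False

def set_entry(menu, name, exec_line, env=None, must_exist=False):
    """Add (must_exist=False) or modify (must_exist=True) one entry. In restricted
    mode the Exec line is validated first; in normal mode it is stored as given."""
    if must_exist != (name in menu):
        raise MenuError(f"cannot {'modify' if must_exist else 'add'} {name!r}")
    if restricted(env):
        check_exec(exec_line)
    menu[name] = {"Name": name, "Exec": exec_line}
    return menu[name]

def remove_entry(menu, name):
    """Remove an entry; returns False when it did not exist."""
    return menu.pop(name, None) is not None
```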