Re: Simplifying package installation.

Resending. Sorry if it eventually shows up twice...

On Thu, 26 Aug 1999, Miguel de Icaza wrote:
: RPM needs root access.
: Do we want to let random people have access to the rpm database?
: Are we going to make our front-end setuid?
: This is the source of most SGI IRIX security holes: the GUI tools that
: granted root access for installing a package had too many holes in
: there.

Okay, I see. You're looking at your situation, where you have an site you
admin, and you want the users (300 or so, you said?) to be able to add
packages to their personal environment without being root. I'm thinking of
Mr. and Mrs. Smith, with their home computer, where they're going to
occasionally need to do root stuff to get the results they expect.

Your App tarball solves the first situation. For the second, I think it
would still be okay to have a setuid package installer. The safety issues
of this have already been kicked around repeatedly in other threads. It's
okay if you do it right - IRIX GUI tools suck because they were poorly
written - the idea of a privileged GUI tool is not flawed in itself.

Am I making sense?

	- A

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]