Hey Rainer, I mean, most users already run the port command as root. Any security > vulnerability that can be exploited in the GUI would most probably also be > exploitable from the command line when running with 'sudo port'. Or what > kind of > vulnerability do you have in mind?
It'd most likely be more insecure due to the fact that Pallet has a constant Tcl shell running in the background, as well as it's running the entire GUI framework as root. That would be very unfortunate. I would see the GUI as a way to give users > easier access to MacPorts without the need to use the Terminal. Opening an > app > bundle should be the preferred way in my opinion. In order to achieve that, I'd have to replace the current authorization framework (option 1 of the original email). The only other option is that I may be able to get a launcher type script working (double-click and a "GUI-sudo" would launch Pallet as root). -Kyle On Fri, Aug 7, 2015 at 1:34 PM, Rainer Müller <rai...@macports.org> wrote: > On 08/07/2015 09:18 PM, Kyle Sammons wrote: > > That's right. I don't think it is unsolvable, just a lot of work to > > figure it out, but the solution we implement here could also be used > for > > other applications. It might be worth the effort to have this. > > > > > > I'm not sure too many other people would be able to benefit from it as > the > > issues we're having isn't so much with automatically generating a > self-signed > > certificate (that part is already written), but getting that to work > within the > > MacPorts build system. > > Hm, but wouldn't that be helpful for other ports installing .app bundles? > Maybe > I don't have enough knowledge here to decide whether it is really useful. > > > There would not be any new functionality in the graphical frontend > that > > could not also be exploited in 'sudo port' from the command line, > right? > > > > > > I'm not sure what you mean by that. Would you mind rewording it? > > I mean, most users already run the port command as root. Any security > vulnerability that can be exploited in the GUI would most probably also be > exploitable from the command line when running with 'sudo port'. Or what > kind of > vulnerability do you have in mind? > > > Would I have to type 'sudo pallet'? Will I be able to start the > > > > application from an app bundle? > > > > > > Currently yes, unless there's a way to launch an app bundle with > superuser > > privileges that I'm unaware of. > > That would be very unfortunate. I would see the GUI as a way to give users > easier access to MacPorts without the need to use the Terminal. Opening an > app > bundle should be the preferred way in my opinion. > > Rainer > >
_______________________________________________ macports-dev mailing list macports-dev@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-dev