Hi,
ext Aniello Del Sorbo wrote:
Frantisek Dufka wrote:
Aniello Del Sorbo wrote:
I mean, if my apps need to be called as "helloworld" and it looks at
a conf file called "helloword.conf", why I have to copy the
executable in /usr/bin and the conf file in /etc while I can just
copy it to /usr/local/bin (owned or writable by 'user) and the conf
file in /usr/local/etc ? (just to give an example) and add
/usr/local/bin to the path?
Yes it was similar except /usr/local was /var/lib/install. And it was
done in such way that no package could ever put file outside of
/var/lib/install (the only way that gives you some additional security
you probably want).
So you had 2 classes of packages (system ones in / and user ones in
/var/lib/install) which made system more complex and prevented you
from making 'system' packages i.e. ones which modifes or extends the
system in interesting way.
Frantisek
I do not want that either.
I am not saying we should run dpkg in a chrooted enviromnent.
I am only saying we should run it with the -x (I think) option that
points to something like /usr/local where user can write. In this case
there would be no need to gain root privileges unless the .deb is a
system package (and the system could ask for a password, a la Mac OS X).
Sorry that I didn't understand you at first.
As it is now, and as I understand it, every .deb can brick my device if
it has been built from a malicious user.
Even something run as user can make the device pretty unusable either
at install time (e.g. by messing up with Gconf keys or removing some
other user configuration / or data files), or at run time by eating
all resources or killing all your apps.
As to the other security aspects, anything you install onto your
(Maemo/Linux/Windows) machine, can spy anything you do (which passwords
you enter to the Browser etc). The warning you get when you install
a new package are there for a reason!
Only thing that helps to this is more and wider testing (and of course
developers being more careful etc).
- Eero
_______________________________________________
maemo-users mailing list
maemo-users@maemo.org
https://maemo.org/mailman/listinfo/maemo-users
