Well, when I saw the start of this thread, I was going to make the following point. But, I see David already touched on it. Nevertheless, I'm going to repeat it.
Besides any technical reasons, this is an ethical problem. If you can not get root privileges on a PC, then the computer does not belong to you. If the computer does not belong to you, then, ethically, you need the permission of the owner of the computer to install any software on that computer. So, either the owner of the computer will give you permission to install it and help get it installed using whatever mechanism is in place. Or, the owner of the computer will not give you permission. In which case, ethically and morally you shouldn't install the software to begin with. -- Mark Miesfeld On Mon, Jul 13, 2009 at 6:46 AM, David Ashley<david.ashley....@gmail.com> wrote: > All - > > Having rxapi run as a system daemon is an absolute necessity on *nix > systems. This is the only way to get reliable and secure communications > between processes without needless overhead. > > The old shared memory communications mechanism was a disaster waiting to > happen. Not only was it CPU intensive but it left security holes a mile > wide. It is not a good idea to have one user process service requests > for another user process. That is a security violation of the highest > order and that is exactly what happened in that model. With the root > user processing all user requests we at least get the chance to reject a > request that might violate some security rule. Currently we don't have > requests like that available but at least with a root daemon processing > all requests we get the chance to implement that kind of mechanism in > the future. > > Now one last point. To install ooRexx at all as system provided software > you have to install the binaries in protected locations like /usr/bin > and /usr/lib. You typically need root permission to do this for very > good security reasons. Thus installing rxapi as a root/system daemon is > no big deal under those restrictions. Trying to install ooRexx as single > user software is not a good idea for a number of reasons but the point > is that if you are not allowed to perform a system installation of > ooRexx on a machine then there is probably a security policy in place > that would not allow you to install ooRexx as user software as well. In > every customer account I have dealt with these policies are joined at > the hip. If you can't install system software you will also not be > allowed to install user software. > > Security cannot be looked at from a single policy perspective. You have > to step back and consider the big picture and the impacts of all > decisions. This is very hard for people used to dealing with Windows > which no matter what Microsoft claims is a single user system. > Multi-user system are a far different animal and security policies that > make sense in one environment can be either useless or a disaster in > another environment. > > The only way for ooRexx to gain acceptance in the larger user community > is to ensure that it gets installed and made available by default on as > many systems as possible. We simply cannot do that without the *nix > distributors help. Just making ooRexx available to individual users in > that environment is not a strategy that will increase our market share. > Making sure we have a secure, reliable and advantageous interpreter will > get us the notice we need from distributors, administrators and > programmers and that will ensure our success. > > David Ashley > > ------------------------------------------------------------------------------ > Enter the BlackBerry Developer Challenge > This is your chance to win up to $100,000 in prizes! For a limited time, > vendors submitting new applications to BlackBerry App World(TM) will have > the opportunity to enter the BlackBerry Developer Challenge. See full prize > details at: http://p.sf.net/sfu/Challenge > _______________________________________________ > Oorexx-devel mailing list > Oorexx-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/oorexx-devel > ------------------------------------------------------------------------------ Enter the BlackBerry Developer Challenge This is your chance to win up to $100,000 in prizes! For a limited time, vendors submitting new applications to BlackBerry App World(TM) will have the opportunity to enter the BlackBerry Developer Challenge. See full prize details at: http://p.sf.net/sfu/Challenge _______________________________________________ Oorexx-devel mailing list Oorexx-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/oorexx-devel
