For what it's worth, whether it's a good security practice or not, pyinstaller is not the moral police. As a tool, it should just work when users ask it to. Arguably, running as root is stupid -- but using that logic the 'rm' command should have a check to make sure you can't do 'rm -rf /'. However, as many have pointed out, there are some environments where you just can't get away from running as root, whether you want to or not (some embedded environments come to mind).
In particular, docker containers typically run as root, though (as in a fakeroot environment) you don't actually have root privileges. This makes it a bit annoying to use pyinstaller from inside a container (and yes, I could install another user and run it there.. but it's a bunch of extra steps). Dustin On Tuesday, June 10, 2014 10:56:53 AM UTC-4, Joachim Metz wrote: > > You could say that and keep complaining about it, in the end not making > anything more secure. > Or alternatively accept the fact and solve the security weakness > differently. > > On Tuesday, June 10, 2014 3:22:17 AM UTC-7, Hartmut Goebel wrote: >> >> Am 06.06.2014 06:57, schrieb Joachim Metz: >> >> He this is the default behavior on Windows for years, and you don't >> have the same restriction there? >> What's up with that? Who's being "insecure"? >> >> >> Yes, this is the behaviour on Windows. But it is insecure, as one can see >> by all the Malware available for Windows. >> >> We have to support his on Windows, because MS is not able or willed to >> solve this problem. It is a burden of the past we have to live with. But >> Unix has a multi-user for decades. If some Linux-Vendors think, it is a >> good idea to downgrade this, I see no reason why we should support this >> crap. >> >> -- >> Schönen Gruß >> Hartmut Goebel >> Dipl.-Informatiker (univ), CISSP, CSSLP >> Information Security Management, Security Governance, Secure Software >> Development >> >> Goebel Consult, Landshut >> http://www.goebel-consult.de >> >> Blog: >> http://www.goebel-consult.de/blog/eine-millonen-aufkleber-fordern-asyl-fur-snowden >> >> Kolumne: >> http://www.cissp-gefluester.de/2012-09-steht-ein-manta-fahrer-vor-der-uni >> >> Goebel Consult ist Mitglied bei http://www.7-it.de/ >> > -- You received this message because you are subscribed to the Google Groups "PyInstaller" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/pyinstaller. For more options, visit https://groups.google.com/d/optout.
