Re: Simplifying package installation.

From: Miguel de Icaza <miguel gnu org>
To: justin slashdot org
CC: gnome-hackers nuclecu unam mx, gnome-devel-list gnome org
Subject: Re: Simplifying package installation.
Date: Thu, 26 Aug 1999 13:15:58 -0500


> what about the fact that rpm and other package managers (i know at least dpkg) 
> allow for installs to user-specified directories? i have never done this, but 
> it i know it is possible. i'm not sure about still needing root or not, but 
> (and i'm thinking as i write), it seems to me like it would be a good idea 
> for rpm to support per-user rpmdb's. that way, i can just do rpm -Uvh 
> gnumeric.rpm and it can check my rpmdb and the sys rpmdb for dependencies, 
> etc.

RPM needs root access.

Do we want to let random people have access to the rpm database?

Are we going to make our front-end setuid?

This is the source of most SGI IRIX security holes: the GUI tools that
granted root access for installing a package had too many holes in
there.

Miguel.

Follow-Ups:
- Re: Simplifying package installation.
  - From: James Aylett

References:
- Simplifying package installation.
  - From: Miguel de Icaza
- Re: Simplifying package installation.
  - From: Justin Maurer

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]