Re: KLIK - Userspace Software Installation
Am Donnerstag 11 Oktober 2007 07:30 schrieb Andreas Tille:
> What about forgetting this thought?
Dear Andreas, I nearly am. But the more I google for security + klik +
linux, the more I wonder: Is there hard facts that proving KLIK's
harmfulness - or is it just a prejudice against easy-to-use systems?
has got some comments like this: "As a bonus, the linked application
only runs with the user's privilege level. That means if it's a
malicious app, it won't hose the whole system, and security/recovery
becomes much easier."
It also seems to be usable (i.e. installable) from any Linux system
without root rights.
Kurt Pfeifle states at http://dot.kde.org/1126867980/
"If you are bit security concerned, you may want to know what klik does
to your system. Here's the pitch:
* Its .cmg files are self-contained AppDirs (applications
directories), compressed into a cramfs or zisofs file system.
* To run the contained app, klik mounts the bundle file
underneath /tmp/app/1/ and runs it from there; if mounted, the bundle
looks like it is a subdirectory expanded into the real directory
structure of the host.
It's very much similar to how applications on Mac OS X works....
If you are even more cautious, or paranoid, you surely want to
investigate more closely and see how klik operates on your system.
Follow these steps to find out more details:"
"klik's smartness is all contained in a few shell scripts and typical
KDE config files, as you can easily see...
For most of the 4000+ packages available from the klik warehouse,
the "download" consists of a "recipe". The recipe tells the klik client
where to fetch the binaries from (in most cases .deb packages from the
official Debian repositories), how to unpack them, and how to
re-package and compress them into the final .cmg image. So the klik
client does most of the work and builds its own .cmg file in most
"I also know that I definitely would love to get quick access to kpdf,
KWord, amaroK, Quanta and Kommander snapshots which I can run on my
stable [Debian] system with the reassuring feeling that the most that
can go wrong is that the test app doesnt run at all, and all I had to
do is just delete it again, to have my system reverted to its original