On Thu, 11 Oct 2007 16:30:31 +0200, RalfGesellensetter <rgx@gmx.de> wrote:

> On Wednesday, 10 October 2007 at 22:22, Herman Robak wrote:
>> Does Klik do any sandboxing? And which part enforces the sandboxing; the system support binaries (whatever they are) or the package itself?
>
> Dear Herman, thanks for your warning reply. I take it quite seriously (and actually have been cautious before). However I wonder what difference KLIK does make compared to an apt-get source myfavorite

I forgot one detail... You just did apt-get source! Where does apt download packages from? To edit /etc/apt/sources.list you have to be root. We assume that the sources in sources.list are benign.

I think a valid comparison would be downloading a tarball from a site other than debian.org, and unpacking/running that. A tarball works around the file permissions hurdle, as the files within can be set executable.

This is actually a concern. Could we devise some kind of sandboxing for user executables that are not managed by the administrator?

-- Herman Robak
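
The point above about tarballs carrying their own executable bits, as an added example that is not part of the original message: it audits a constructed in-memory tarball for execute/setuid modes and extracts it with those bits cleared. The file names and the helper functions `audit` and `extract_without_exec` are assumptions made for the illustration.

```python
import io
import os
import stat
import tarfile
import tempfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
SPECIAL_BITS = stat.S_ISUID | stat.S_ISGID


def build_sample_tarball():
    """Constructed sample: one plain file and one file stored as executable."""
    buf = io.BytesIO()
    data = b"#!/bin/sh\necho hello\n"
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode in (("pkg/README", 0o644), ("pkg/run.sh", 0o755)):
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def audit(tar_bytes):
    """Names of regular files whose stored mode has execute or setuid/setgid bits."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return [m.name for m in tar
                if m.isfile() and m.mode & (EXEC_BITS | SPECIAL_BITS)]


def extract_without_exec(tar_bytes, dest):
    """Write regular files under dest with only read/write bits; return their modes."""
    dest = os.path.realpath(dest)
    modes = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for m in tar:
            target = os.path.realpath(os.path.join(dest, m.name))
            # Skip links and devices, and any path that resolves outside dest.
            if not m.isfile() or os.path.commonpath([dest, target]) != dest:
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as out:
                out.write(tar.extractfile(m).read())
            os.chmod(target, m.mode & 0o666)  # drop execute, setuid, setgid, sticky
            modes[m.name] = stat.S_IMODE(os.stat(target).st_mode)
    return modes


if __name__ == "__main__":
    sample = build_sample_tarball()
    print("stored as executable:", audit(sample))
    with tempfile.TemporaryDirectory() as d:
        print("modes after extraction:", extract_without_exec(sample, d))
```

Clearing the bits only restores the permissions hurdle: the user can still set them again or pass the file to an interpreter, so this is not a sandbox.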