
Re: KLIK - Userspace Software Installation

On Thu, 11 Oct 2007 23:24:53 +0200, Herman Robak <herman@skolelinux.no> wrote:

On Thu, 11 Oct 2007 16:30:31 +0200, RalfGesellensetter <rgx@gmx.de> wrote:

On Wednesday 10 October 2007 22:22, Herman Robak wrote:
  Does Klik do any sandboxing?  And which part enforces the
sandboxing; the system support binaries (whatever they are) or the
package itself?

Dear Herman,

thanks for your warning reply. I take it quite seriously (and actually
have been cautious before). However I wonder what difference KLIK does
make compared to a

apt-get source myfavorite

 I forgot one detail...  You just did apt-get source!  Where does apt
download packages from?  To edit /etc/apt/sources.list you have to be
root.  We assume that the sources in sources.list are benign.

 I think a valid comparison would be downloading a tarball from a
site other than debian.org, and unpacking/running that.  A tarball
works around the file permissions hurdle, as the files within can be
set executable.

 This is actually a concern.  Could we devise some kind of sandboxing
for user executables that are not managed by the administrator?

Herman Robak
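
The point above about tarballs carrying their own executable bits, as an added example that is not part of the original message: it audits the mode bits stored in an archive and unpacks it without honoring them. The sample archive, the member names and the helper functions are constructed for illustration.

```python
import io, os, stat, tarfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
SPECIAL_BITS = stat.S_ISUID | stat.S_ISGID

def build_sample() -> bytes:
    """Constructed sample archive: a plain file, an executable, a setuid executable."""
    buf = io.BytesIO()
    data = b"#!/bin/sh\necho hello\n"
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode in (("app/README", 0o644), ("app/run.sh", 0o755), ("app/helper", 0o4755)):
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def escapes(name: str) -> bool:
    """True if the member name would land outside the extraction directory."""
    return os.path.isabs(name) or ".." in name.split("/")

def audit(archive: bytes) -> dict:
    """Map member name -> findings, for members whose stored metadata deserves a look."""
    findings = {}
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        for m in tar.getmembers():
            notes = []
            if m.isfile() and m.mode & EXEC_BITS:
                notes.append("executable")
            if m.mode & SPECIAL_BITS:
                notes.append("setuid/setgid")
            if not (m.isfile() or m.isdir()):
                notes.append("non-regular")
            if escapes(m.name):
                notes.append("path escapes target")
            if notes:
                findings[m.name] = notes
    return findings

def extract_non_executable(archive: bytes, dest: str) -> dict:
    """Unpack regular files only and ignore stored modes; return the modes on disk."""
    written = {}
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        for m in tar.getmembers():
            if not m.isfile() or escapes(m.name):
                continue
            path = os.path.join(dest, m.name)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "xb") as out:  # "x": refuse to overwrite an existing file
                out.write(tar.extractfile(m).read())
            os.chmod(path, 0o644)  # fixed mode, whatever the archive asked for
            written[m.name] = stat.S_IMODE(os.stat(path).st_mode)
    return written
```

Clearing the mode bits only removes direct execution; a script can still be handed to an interpreter, which is why the message asks about sandboxing rather than permissions alone.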
