Re: KLIK - Userspace Software Installation
On Thu, 11 Oct 2007 16:47:36 +0200, RalfGesellensetter <firstname.lastname@example.org> wrote:
> On Thursday 11 October 2007 07:30, Andreas Tille wrote:
> > What about forgetting this thought?
> Dear Andreas, I nearly am. But the more I google for security + klik +
> linux, the more I wonder: Are there hard facts proving KLIK's
> harmfulness - or is it just a prejudice against easy-to-use systems?
This is about being easy to _admin_. Installing software may be
considered ordinary "use" on personal computers. But Skolelinux
workstations are not _personal_ computers. They are workstations,
managed by somebody else.
> has got some comments like this: "As a bonus, the linked application
> only runs with the user's privilege level. That means if it's a
> malicious app, it won't hose the whole system, and security/recovery
> becomes much easier."
This is a red herring. Normal apps already run with the user's
privilege level. They have to be suid to do otherwise. Of course,
a KLIK app can't be suid, so that limits its ability to hose the
system or other users' files.
A malicious KLIK app will either have to escalate its privileges
through some unpatched locally exploitable vulnerability (it won't
need a _remote_ exploit, so the possibilities are many!), or push
over a few naive users here and there.
On a many-user workstation it needs a sandbox. Not just a chroot,
but probably a separate X server, to prevent eavesdropping.
> It's very much similar to how applications on Mac OS X work....
...which is quite elegant. But it does get messy after a while.
Can you believe it; Mac being messy?! Apple has more skill and
determination when it comes to glossing over mess, and giving the
users an impression that everything is pretty, easy and OK. They
employ many people to do that.
I doubt we can convince the herds of FOSS developers and admins
to do that. Knut Yrvin's reality distortion field is not as strong
as Steve Jobs'.