
The Zero Install Injector makes it easy for users to install software without needing root privileges. It takes the URL of a program and runs it (downloading it first if necessary). Any dependencies of the program are fetched in the same way. The user controls which version of the program and its dependencies to use.

Zero Install is a decentralized installation system (there is no central repository; all packages are identified by URLs), loosely-coupled (if different programs require different versions of a library then both versions are installed in parallel, without conflicts), and has an emphasis on security (all package descriptions are GPG-signed, and contain cryptographic hashes of the contents of each version). Each version of each program is stored in its own sub-directory within the Zero Install cache (nothing is installed to directories outside of the cache, such as /usr/bin) and no code from the package is run during install or uninstall. The system can automatically check for updates when software is run.

sudo apt-get install zeroinstall-injector

Okay, yes, I see that you can trust “someone”, but there’s no real trust model. The point is, you (or whoever) are creating an application to make it totally easy to download and run an app without root permissions, but then you’re saying the security is okay because you have to decide to trust someone, verify their identity (how?) and then accept keys and such to allow the one-click run to happen. This is Microsoft mentality – put in a new whiz-bang feature, but make the actual SECURITY of the feature insanely hard. That way, when the hapless user gets social-engineered into downloading and running the latest rootkit, you can just shrug and say “it’s the user’s fault, they accepted the certificate!”.

But the reality is, you didn’t give them the tools to be smart about the security in the first place, so you shouldn’t have introduced the tool. See Microsoft UAC for a classic example of this.
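A minimal model of the two checks the package description lists (a signed package description first, then a content hash verified before a version lands in its own cache sub-directory), as an added example that is not Zero Install's code. HMAC-SHA256 stands in for the GPG signature, and the key=value feed format and the per-domain trusted-key store are constructed assumptions; what it makes visible is the comment's point, that every guarantee below rests on the publisher's key already being in TRUSTED_KEYS.

```python
import hashlib
import hmac
import os
import tempfile

# Stand-in for the user's GPG trust store: one trusted publisher key per feed domain
# (constructed). HMAC-SHA256 over the feed body stands in for the GPG signature.
TRUSTED_KEYS = {"example.org": b"constructed-publisher-key"}
CACHE_DIR = tempfile.mkdtemp()  # the cache; nothing is written outside it

def feed_domain(url):
    return url.split("//", 1)[1].split("/", 1)[0]

def sign_feed(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def verify_feed(url, body, signature):
    # Check 1: the feed must carry a valid signature from a key already trusted for
    # its domain. An unknown key is refused outright rather than prompting "accept
    # this key?", which is the decision the comment says users cannot make well.
    key = TRUSTED_KEYS.get(feed_domain(url))
    return key is not None and hmac.compare_digest(sign_feed(key, body), signature)

def digest_of(content):
    return hashlib.sha256(content).hexdigest()

def parse_feed(body):
    # Constructed key=value feed format, not Zero Install's real XML feed.
    fields = dict(line.split("=", 1) for line in body.decode().splitlines() if "=" in line)
    return fields["sha256"]

def fetch_into_cache(expected_digest, content):
    # Check 2: store the version only if its digest matches the signed feed, in its
    # own digest-named sub-directory; the payload is never executed on this path.
    if not hmac.compare_digest(digest_of(content), expected_digest):
        return None
    target = os.path.join(CACHE_DIR, "sha256=" + expected_digest)
    os.makedirs(target, exist_ok=True)
    with open(os.path.join(target, "payload"), "wb") as fh:
        fh.write(content)
    return target

def run(url, body, signature, content):
    # Returns the cache directory on success, otherwise the reason for refusing.
    if not verify_feed(url, body, signature):
        return "rejected: feed signature not from a key trusted for " + feed_domain(url)
    target = fetch_into_cache(parse_feed(body), content)
    return target or "rejected: content hash does not match the signed feed"

# Constructed sample program plus the feed describing it, signed with the trusted key.
PAYLOAD = b"#!/bin/sh\necho hello\n"
FEED = b"name=hello\nversion=1.0\nsha256=" + digest_of(PAYLOAD).encode() + b"\n"
SIGNATURE = sign_feed(TRUSTED_KEYS["example.org"], FEED)
```

Note that a feed served from a domain with no trusted key, a feed altered after signing, and a download whose hash differs from the signed feed are all refused before anything is stored; a feed signed by a key the user was talked into trusting passes every check.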
