Eero Tamminen wrote: > Hi, > > ext Aniello Del Sorbo wrote: >> Marius Gedminas wrote: >>> On Mon, Feb 12, 2007 at 08:13:47PM +0000, Neil MacLeod wrote: >>>> Richard Pickler wrote: >>>>> The second time, I was installing some packages I built myself, and it crashed, which I could not recover from. (this one I'll take the blame for). >>>> Why should you take the blame? This is a consumer oriented device and software installation is promoted as a user feature - it should not brick the device, period! >>> >>> I'm pretty sure you can install apps from the tableteer certified >>> repository without bricking the device. >>> >>> It's impossible to prevent packages from other repositories from doing >>> so. Package installation can runs arbitrary scripts as root, and you >>> can't prevent root from destroying a Linux system. (Well, maybe if you >>> lock it down with capabilities/SELinux/something else, but it's hard to >>> do so without making unable to do anything useful.) >>> >> >> Why? >> On the tablet you just install apps. Why should the installer need to be root to do so? >> A properly configured device (as it should have been) should NEVER ask for root permissions. > > dpkg runs as root and it installs the packages under root rights. > Badly done package can therefore very easily[1] make the device > go into reboot-loop. > > [1] For example by filling the disk in postinst script and not cleaning > it up, overwriting or removing some required system file etc. > I know it can be done and that that can brick a device. I am pretty aware of this. My point is that it can be avoided. -- anidel
