Frantisek Dufka wrote:
> Aniello Del Sorbo wrote:
>> I mean, if my apps need to be called as "helloworld" and it looks at a
>> conf file called "helloworld.conf", why do I have to copy the executable
>> in /usr/bin and the conf file in /etc while I can just copy it to
>> /usr/local/bin (owned or writable by 'user') and the conf file in
>> /usr/local/etc ? (just to give an example) and add /usr/local/bin to
>> the path?
>
> Yes it was similar except /usr/local was /var/lib/install. And it was
> done in such a way that no package could ever put a file outside of
> /var/lib/install (the only way that gives you some additional security
> you probably want).
>
> So you had 2 classes of packages (system ones in / and user ones in
> /var/lib/install) which made the system more complex and prevented you from
> making 'system' packages i.e. ones which modify or extend the system
> in an interesting way.
>
> Frantisek
>

I do not want that either.

I am not saying we should run dpkg in a chrooted environment. I am only saying we should run it with the -x (I think) option that points to something like /usr/local where the user can write.

In this case there would be no need to gain root privileges unless the .deb is a system package (and the system could ask for a password, a la Mac OS X).

As it is now, and as I understand it, every .deb can brick my device if it has been built from a malicious user.

--
anidel