On Tuesday 13 February 2007 08:38:59 Aniello Del Sorbo wrote:
> Frantisek Dufka wrote:
> > Aniello Del Sorbo wrote:
> >> Yes, and the Application Manager (by looking at the packages flags
> >> somehow) could tell if this is a system app (and thus ask the User to
> >> enter somekind of passphrase) or a user app (thus installing it with
> >> no hassle). Asking the User for a kind of passphrase will give
> >> Application Manager root privileges and thus dpkg could be ran as root
> >> and those apps would install as usual and do their (good) job.
> >
> > And how is this different from the current warning about non Nokia
> > application? I simply fail to see any additional security.
>
> Because people don't usually read warnings and tap OK too fast.
> Entering a passphrase makes them think.
Perhaps on a windows box. I don't use one don't get many popups so I read
them. As for making people think. If you find a way to do that Washington
could use some help.
> If a package is not labeled as a system one, it can be installed without
> even the warning (as it would be installed as 'user').
All apps touch a wide variety of system files. If nothing else, they touch
the debs db. + libraries + config files.. etc.
>
> Again, I am not saying that with that system you are safe.
> There's no way to be safe.
> I am only saying that that system makes it a bit harder to brick the
> device, but my whole point at the beginning was to only tell people that
> dpkg does not require root privileges.
I see your goal, but unfortunately I don't see it working. The first thing
you see most XP/Vista users learn to do is turn off all the pop ups. (often
by installing hack software. Or worse yet they run as administrator.) I
don't feel it's Nokia's job to prevent people from bricking their device. It
is Nokia's job to provide reasonable separation of vetted and non-vetted
packages, It is Nokia's job to provide trustable repositories. But if Nokia
tries to stop people from doing stupid things .... well .... it can't be
done. In a situation where you say "They will never do that" 'that' is
usually the first thing someone does. ("Your instructions never said I
couldn't put my pet poodle in the microwave to dry him off!")
James
>
> The discussion went on and I throwed away this idea that, a part from
> giving a slight (let's call it) safer installation system, COULD give
> the chanche of installing apps on the memory card (and this is totally
> unrelated with the security issue).
> At almost NO additional cost.
Can't execute from a dos FS and IIRC the MMC is dosFS to be compatible with
windows, as a mass storage device.
>
> > So you basically want another similar dialog telling you this package
> > (dropbear) can really mess your system?
>
> No.
>
> --
> anidel
>
> PS: I think we can stop the discussion here :)
> _______________________________________________
> maemo-users mailing list
> maemo-users at maemo.org
> https://maemo.org/mailman/listinfo/maemo-users
