Sudo even more secure

Jerry Haltom wasabi at
Sat Mar 25 00:57:17 GMT 2006

I suspect dpkg + fakeroot works, with the obvious considerations.

On Sat, 2006-03-25 at 01:37 +0100, Eric Feliksik wrote:
> Jan Claeys wrote:
> > Again: I do *not* propose a system for allowing every user to install
> > programs.  A "solution" for that "problem" can be found in e.g. the
> > 'Klik' system[1].
> > 
> > What I propose is that apt & dpkg shouldn't have to run as root to
> > install normal applications.  I propose that it runs as a *less*
> > privileged user to minimise the damage it can do.
> > 
> > 
> > [1] <>
> > 
> Ok, a "less priviledged user", so let's say it can install stuff that is 
> optional (not necessary for the system to function), and can provide 
> programs a user *might* choose to use.
> Look at Windows Vista, those guys are making some Filesystem 
> virtualisation to have a different "Program Files" thing for every 
> program, so they can deny write access to the real Program Files and 
> still make programs that want write access happy.
> Anything is possible, but it's a burden to implement. The reason no-one 
> does it is that people don't really see a problem in the current 
> situation. There are a lot of security issues, but I'm afraid none of 
> them is really solved by your proposal.
> Cheers,
> Eric

More information about the ubuntu-devel mailing list