Sudo even more secure

[Étienne Bersac]

Hello,

> Ok, a "less priviledged user", so let's say it can install stuff  
> that is optional (not necessary for the system to function), and  
> can provide programs a user *might* choose to use.
> Look at Windows Vista, those guys are making some Filesystem  
> virtualisation to have a different "Program Files" thing for every  
> program, so they can deny write access to the real Program Files  
> and still make programs that want write access happy.
> Anything is possible, but it's a burden to implement. The reason no- 
> one does it is that people don't really see a problem in the  
> current situation. There are a lot of security issues, but I'm  
> afraid none of them is really solved by your proposal.

You're right. Even more, currently, users can install what they want  
with autopackage or autotools in their $HOME (e.g. --prefix= 
$HOME/.programs). They just have to had $HOME/.programs/bin to their  
path. Do we have to enable installing for other users ? This is quite  
the %admin job !

Étienne;