Request For Candidates: Application Review Board

Luke Faraone luke at
Thu Aug 26 16:15:01 BST 2010

On 08/26/2010 10:59 AM, Marc Deslauriers wrote:
> Installing an application with user privileges is a bad idea.
> Application software should not be vulnerable to tampering, either
> accidentally by the user himself, or by malware running in the user's
> security context. This will make the apps installed via the app store
> unreliable and susceptible to be trojaned.

That makes sense, but we do want to make it possible (most of the time)
for unprivledged users to install new applications, as long as those new
applications don't provide any avenue for the user to elevate their
privledges. Maybe a non-user-controllable / -modifiable, but
user-initiated install path would be useful for a certain class of
applications. (without publishing the application for all users of the

> One of the reason that Linux
> is more reliable than other operating systems, is that a user can only
> muck up his own directory. Let's not mess this up by using security as a
> pretext.

Of course, on a single-user-system, $HOME is where all the interesting
stuff is. If malware were to execute as a user, that malware can then do
anything the user can do, and watch the same user, say, log in to her
banking site, or enter a root password.

│Luke Faraone                          ╭Debian / Ubuntu Developer╮│
│                ╰Sugar Labs, Systems Admin╯│
│PGP: 5189 2A7D 16D0 49BB 046B  DC77 9732 5DD8 F9FD D506          │

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
Url : 

More information about the ubuntu-devel mailing list