Request For Candidates: Application Review Board

Marc Deslauriers marc.deslauriers at canonical.com
Thu Aug 26 16:28:27 BST 2010


On Thu, 2010-08-26 at 11:15 -0400, Luke Faraone wrote:
> On 08/26/2010 10:59 AM, Marc Deslauriers wrote:
> > Installing an application with user privileges is a bad idea.
> > Application software should not be vulnerable to tampering, either
> > accidentally by the user himself, or by malware running in the user's
> > security context. This will make the apps installed via the app store
> > unreliable and susceptible to being trojaned.
> 
> That makes sense, but we do want to make it possible (most of the time)
> for unprivileged users to install new applications, as long as those new
> applications don't provide any avenue for the user to elevate their
> privileges. Maybe a non-user-controllable / -modifiable, but
> user-initiated install path would be useful for a certain class of
> applications. (without publishing the application for all users of the
> system)

That is exactly the thing we should avoid. We _don't_ want unprivileged
users to install new applications. On a single user desktop, the user
already has the necessary privileges to install applications. On a
multiuser system you may not want the user to have those privileges. I
have privileges to install applications on my Android phone, why
shouldn't I require privileges on my desktop?

What exactly is the use case for someone who doesn't have administrative
control over a computer to be able to install applications?

Marc.
