To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=93447 Issue #|93447 Summary|/usr files (Solaris) should not be modified at install |ation Component|Installation Version|OOo 2.4.1 Platform|Sun URL| OS/Version|Solaris Status|UNCONFIRMED Status whiteboard| Keywords| Resolution| Issue type|DEFECT Priority|P3 Subcomponent|ui Assigned to|of Reported by|cpmonger
------- Additional comments from [EMAIL PROTECTED] Wed Sep 3 23:52:22 +0000 2008 ------- ISSUE: OpenOffice installation processes on Unix (Sun Solaris) currently assume /requires superuser (root) authority. While this may or may not be wise or easily rectifiable (re Solaris pkgadd) it poses both practical systems administration and serious security risks. DETAILS: -- Operating System (OS) update or re-installation is episodic, takes no account of applications, writes over any application changes, and for practicality should be administratively de-coupled from application maintenance. De-coupling is imperative for large-scale, multi-user servers running 7/24/365. -- Security of the OS is indeterminate and thus at risk if any application, not all so proper as OpenOffice, are permitted to access and change the OS at will. Application access, particularly to /usr -- which should be in a separate partition set read-only -- puts the entire system and all user data at risk. While not explained in detail, limited OS access is in accord with the "least privilege" principle of security. EXAMPLES: /usr/dt/appconfig/types/C/... --> /etc/dt/appconfig/types/C/... /usr/bin/... --> /opt/bin/... RECOMMENDATION: Recommend confining any OpenOffice installation file additions, subtractions, or modifications, to /etc only, or better yet to /opt, /opt/bin, /opt/etc, etc. RELATED ISSUE: OpenOffice installation and operation as an application user:group (office:office?) rather than root:root is a related issue. Thank you. --------------------------------------------------------------------- Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
