I agree that chicken-install should not use sudo. The implicit invocation of sudo violates the principle of least astonishment, and presents a potential risk for users who do not understand the security implications of this approach.
I opposed the inclusion of the sudo mis-feature in chicken-setup, but it nevertheless got included into chicken-install without much discussion on the mailing list. When in sudo mode, chicken-install tries to minimize sudo invocations by only calling it for filesystem operations, such as cp and mv, but this results in the possibility of command spoofing on systems where sudo has not been built with the SECURE_PATH option. Some Linux distributions, such as Debian, have sudo built with reasonably secure defaults, but there is no way to guarantee this for all systems on which chicken-install is run. The sudo mode is bad idea, has no precedent in similar systems, such as PLT Scheme and Hackage, and should not be used. -Ivan Aleksej Saushev <[email protected]> writes: > Hello! > > John Cowan <[email protected]> writes: > >> Currently when you install an egg with many dependencies using the -s >> (sudo) switch, you have to wait to enter your password until the first >> time chicken-install invokes sudo. If, on detecting the -s switch, >> chicken-install immediately ran "sudo -v", the password would be requested >> at the top. This variant of sudo does not run any command. >> >> Older sudo's that don't understand -v will just report an error, and no >> harm done. > > No, chicken ought not to use sudo, which is non-standard and unavailable > on all non-gnu platforms, unless you install it. And there're many users > around who don't use sudo at all since PAM provides enough functionality. > I don't know about corresponding BSDauth solution, but I'm almost sure > there's one. > > If you can provide plan with single authentication point and installing > all built packages at once, that would be nice. Otherwise, just don't > enforce sudo. > > As for me, I don't think that giving sudo privileges to chicken-install > is good idea, since it may do too much under the hood and you're not > even warned by password prompt. _______________________________________________ Chicken-users mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/chicken-users
