Eero Tamminen wrote:
> Hi,
>
> ext Aniello Del Sorbo wrote:
>> Marius Gedminas wrote:
>>> On Mon, Feb 12, 2007 at 08:13:47PM +0000, Neil MacLeod wrote:
>>>> Richard Pickler wrote:
>>>>> The second time, I was installing some packages I built myself,
and it crashed, which I could not recover from. (this one I'll take the
blame for).
>>>> Why should you take the blame? This is a consumer oriented device
and software installation is promoted as a user feature - it should not
brick the device, period!
>>>
>>> I'm pretty sure you can install apps from the tableteer certified
>>> repository without bricking the device.
>>>
>>> It's impossible to prevent packages from other repositories from doing
>>> so. Package installation can runs arbitrary scripts as root, and you
>>> can't prevent root from destroying a Linux system. (Well, maybe if you
>>> lock it down with capabilities/SELinux/something else, but it's hard to
>>> do so without making unable to do anything useful.)
>>>
>>
>> Why?
>> On the tablet you just install apps. Why should the installer need
to be root to do so?
>> A properly configured device (as it should have been) should NEVER
ask for root permissions.
>
> dpkg runs as root and it installs the packages under root rights.
> Badly done package can therefore very easily[1] make the device
> go into reboot-loop.
>
> [1] For example by filling the disk in postinst script and not cleaning
> it up, overwriting or removing some required system file etc.
>
I know it can be done and that that can brick a device. I am pretty
aware of this. My point is that it can be avoided.
--
anidel
_______________________________________________
maemo-users mailing list
[email protected]
https://maemo.org/mailman/listinfo/maemo-users
