Requires administrator access to install

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Double click the meta package icon
2. Notice that it requires entering administrator credentials to install.

There is no reason for a browser plugin to require administrator credentials to 
install.
The package format introduced with Leopard allows for User Home Folder 
installation, and a little 
tweaking allows the same for previous packages version.

Requiring administrative privileges to install a browser plugin creates a 
number of security holes 
that are neither acceptable nor required:
- nothing proves that google package is harmless and giving it administrative 
access is thus 
dangerous
- if the plugin files permissions are not set properly (ie, suid flag) then web 
sites can leverage the 
plugin to gain administrative access to the computer by exploiting its 
potential security holes

Please, comment on your blog why you took the decision to require 
administrative access to 
install a simple browser plugin, and take steps to revert to a normal, more 
secure setup.

Cheers,
Laurent Giroud

Original issue reported on code.google.com by laurent.giroud@gmail.com on 8 Aug 2009 at 1:19

[GoogleCodeExporter]

Original comment by vange...@google.com on 16 Sep 2009 at 5:34

[GoogleCodeExporter]

Issue 110 has been merged into this issue.

Original comment by vange...@google.com on 16 Sep 2009 at 5:34

[GoogleCodeExporter]

This is not a bug. The vast majority of Mac browser plug-ins install in 
/Library and are available to all users after 
one install. This requires admin rights. A single install is less confusing, 
and gives one binary to auto-update 
rather than multiples. 

Original comment by m...@google.com on 22 Sep 2009 at 9:03

• Changed state: Invalid

[GoogleCodeExporter]

It is a bug, a security risk and an invasion of one's rights to administer 
one's computer as they wish.

* Not all users have access to the administrative account of their computer, 
for privacy or security reasons. 
Google 'do no evil' motto would imply that you respect these users' rights to 
install your software on their 
computer under their own account.
* This is a security risk, unless you can mathematically prove that your 
software is faultless, installing it with 
administrative priviledges is inherently dangerous.

Plus, your argument is fallacious, false, and technically wrong:

* The majority isn't right, especially when security is concerned. The majority 
of desktop computers run 
windows, does google consider forcing windows on their developers ?
* The vast majority of Mac browser plug-ins doesn't require administrative 
rights, Firefox plug-ins which are 
absolutely compatible with Safari don't require any admin rights. I really hope 
that as a developer you already 
know that.
* Installing the plug-in under the user account doesn't require any additional 
install. The whole set of Mac OS 
X system folders can be replicated under the user's home account and work 
perfectly: daemons, login items, 
launchd processes, browser plugins, mail plugins, etc. you name it. There is no 
exception and I'm sure you 
know it.

There is no valid technical reason for your choice, and attempting to debate it 
is either a proof of 
incompetence or of dishonesty.

Original comment by laurent.giroud@gmail.com on 19 Nov 2009 at 2:04