google-code-export / o3d

Automatically exported from code.google.com/p/o3d

Requires administrator access to install #110

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Double click the meta package icon
2. Notice that it requires entering administrator credentials to install.

There is no reason for a browser plugin to require administrator credentials to install.
The package format introduced with Leopard allows for User Home Folder installation, and a little tweaking allows the same for previous package versions.

Requiring administrative privileges to install a browser plugin creates a number of security holes that are neither acceptable nor required:
- nothing proves that the Google package is harmless, and giving it administrative access is thus dangerous
- if the plugin file permissions are not set properly (i.e., suid flag) then web sites can leverage the plugin to gain administrative access to the computer by exploiting its potential security holes

Please comment on your blog why you took the decision to require administrative access to install a simple browser plugin, and take steps to revert to a normal, more secure setup.

Cheers,
Laurent Giroud

Original issue reported on code.google.com by laurent.giroud@gmail.com on 8 Aug 2009 at 1:17

GoogleCodeExporter commented 9 years ago

Original comment by vange...@google.com on 16 Sep 2009 at 5:34