[IAEP] [SLOBS] Long-term support for Sugar

Bernie Innocenti bernie at codewiz.org
Mon Sep 21 18:14:34 EDT 2009


El Mon, 21-09-2009 a las 17:28 -0400, Chris Ball escribió:
> But then every child in Uruguay (plus other deployments that withhold
> root from their users) would hate you 'cause they wouldn't be able to
> install activities anymore.  A solution that results in a significant
> percentage of Sugar's users not being able to download activities
> anymore is not a solution.

Trying to prevent users from gaining superuser privileges seems to be a
misguided technical solution based on ignorance of the UNIX security
model.

However, a solution based on PackageKit would not require root
privileges to control installation of software.  A simplified UI could
be designed to display only Sugar Activities rather than revealing the
full complexity of the system.

Sure, it would still provide an ideal path to let a clever user escalate
to root, but we just need to keep it quiet and those who decided to
withhold root access from users would probably never realize that ;-)


> If we could switch to .rpm *and* find a good way to install .rpms
> without being root, though, that would be pretty compelling.

Besides PackageKit, there are many ways we could bend rpm into doing
what we need.

A 100% non-invasive solution, would consist in writing a suid wrapper
that would check the output of "rpm -qpl WonderfulActivity-42.rpm" for
files outside the designated Activity installation path and then run
"rpm -i --noscripts WonderfulActivity-42.rpm" to install it.

Another possibility would be playing with --root to create a separate
rpm database, and run rpm with user privileges.  There are a bunch of
other options that may help: --prefix, --reloc and --dbpath.

Finally, by resorting to invasive -- but probably upstreamable --
changes to the rpm code, we could make it check dependencies against the
system database and perform an unprivileged installation in the user's
home and recording the package in a user database.

Sounds a bit complicated?  Well, think how much code and complexity it
would let us drop from the Sugar codebase that we currently have to
maintain.  Not to mention how much work it would take to improve it to
the point of actual maturity.

-- 
   // Bernie Innocenti - http://codewiz.org/
 \X/  Sugar Labs       - http://sugarlabs.org/



More information about the IAEP mailing list