Re: Conditionally destination for package
Re: Conditionally destination for package
- Subject: Re: Conditionally destination for package
- From: Bill Coderre <email@hidden>
- Date: Wed, 19 Mar 2014 11:27:55 -0700
In these days of security risks, let me point out that Installer provides an environment variable called INSTALLER_TEMP which points to a secure folder that is created by Installer at the very start of installation, and deleted at the very end.
Please use it instead of /tmp whenever possible!
Why? Let’s suppose that I am a 14 year old who knows that my school is going to install a certain package, and that package writes to /tmp/cookie. So I create a symbolic link from that to, say, a web filtering program. Now when the install happens, the web filter gets deleted. YAY.
On Mar 19, 2014, at 2:45 AM, Stephane Sudre <email@hidden> wrote:
> On Wed, Mar 19, 2014 at 6:33 AM, Edward Spiegel <email@hidden> wrote:
>> Hi,
>>
>> Thanks for the ideas. I am not sure that I quite understand.
>>
>> A couple of questions:
>>
>> what is an invisible package?
>
> It's a standard package inside the distribution but the corresponding
> choice is hidden (in the Installation Type pane if you allow the user
> to see the available choices).
>
>> Is the cookie being created with javascript or is there a way to create it
>> with a shell script?
>
> By cookie, I just mean a file (with a value or not) that you can
> create with touch(1).
>
>> Is this a correct paraphrase of this technique:
>>
>> ) the installer will be set up to always install the supporting files into
>> location A
>> ) location A will either be a real location or a symbolic link to the actual
>> destination (either location B or C) if A does not really exist
>> ) the cookie is used to tell the installer whether a symbolic link was used,
>> in which case it will be deleted at the end
>
> That's the first possible alternative.
>
>> Would this technique work:
>> ) use the script to create a symbolic link in /tmp to whichever A,B or C is
>> found to exist
>> ) install into /tmp/symboliclink?
>
> That's the second possible alternative.
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Installer-dev mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden