site_archiver@lists.apple.com Delivered-To: installer-dev@lists.apple.com Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:mime-version:in-reply-to :references:content-type:message-id:content-transfer-encoding:from :subject:date:to:x-mailer; bh=oUMjCHUmYfH7U2Dy9IUoyR+IC/Daw+vUnI1jFUV8qJw=; b=e8lEcg/hd2OcDHzoovI5O+jtna1xe/YLudOwaTELfUigr/YU4SkAY98eORDL8DVl7m K2DLdw67F2EM6yDHCvu7FEnE1bsfzwwnizNqCrXJlJ7AMmTnQhZAXyFo9Y6csvsypKv4 J790auFUCRZTbz3SgJvjsJwg1M0Q7TaHcD/kk= Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:content-type:message-id :content-transfer-encoding:from:subject:date:to:x-mailer; b=Xwec+cn2cGuext4KNKUTUEe0m8GtOp9JNK4HjlXD1J1CQXjBXX/IH0fiOcZHmgk4bl 5gZVsNDANsHUGYYDW1HZcWxX9ByK0Y1+/dQsR++aHBalT5lSWJZfoozWU6FaMIub1Fj0 8wAFjyZqdkMcRSV/O4M72CiTSzC2bzcq8/+7w= On Aug 19, 2010, at 9:34 PM, Monte Benaresh wrote: Hi All, _______________________________________________ Do not post admin requests to the list. They will be ignored. Installer-dev mailing list (Installer-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/installer-dev/site_archiver%40lists.a... I don't mean to beat a dead horse, but we are close to deciding what to do when our preflight script finds wrong permissions or owner when checking /Library/PrivilegedHelperTools/ and it's parents. Here are the remaining questions we have boiled down to: 1. Should we just aspire to the same degree of permissions/owner repair that Disk Utility does, i.e., not care about the owner on "/"? BTW, DU does not fix a bad owner or permissions of /Library/ PrivilegedHelperTools/. I know some of you have said that DU should fix the owner of "/". Disk Utility is not always the most clever guy in the room: e.g. CVE-2008-2324 . IMHO, the reference is what the boms of the OS install disks say (plus the security fixes introduced by minor OS updates and security updates). So if the boms say '/' should be root/admin, just consider it should be root/admin. This email sent to site_archiver@lists.apple.com