site_archiver@lists.apple.com Delivered-To: installer-dev@lists.apple.com On Feb 14, 2007, at 6:18 AM, John Daniel wrote: On Feb 14, 2007, at 12:17 AM, Bill Coderre wrote: So it's incorrect to have a "no authenticate" installer install into any location that a user might not be able to write to. If the user is non-admin, almost the only place that they CAN write is their home directory. (Almost) The Installer is not enforcing this. Unix is. Yes, I know. The only "officially correct" way to install an application (using PackageMaker) is to force the user to authenticate. But once someone authenticates, they give the installer complete access to their machine - Applications, /System, Startup Items, kernel, everything. Does my little shareware app need that? Clearly not. I agree: it would be great to have some kind of security where things could mess with /Applications but not /System. The problem is, 99.9% of Macs don't have a user with that combo of privs. They have an admin login, which has "wheel," and MAYBE they have a regular user that has nothing. What will the user supply for a login/password that will have the right combo? If they supply a root- capable password, then what happens when a rogue installer replaces the binary? So yeah, I agree. It would be great to have, but it's a larger problem than just Installer. _______________________________________________ Do not post admin requests to the list. They will be ignored. Installer-dev mailing list (Installer-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/installer-dev/site_archiver%40lists.a... This email sent to site_archiver@lists.apple.com