Both valid points -- I'll change to absolute paths. The admin privileges danger makes sense too, particularly in the case where the user has somehow installed malicious software. I'll have to think about that one a bit more.
Thanks.
-Adam
There might be 2 things to take into account here that are related to security:
- It's better to use absolute paths for tools to avoid calling an alias. For instance, use /bin/rm instead of just rm
- Since the script will be executed with administration privileges, there's always the issue that someone can change the script to do bad things.
My $0.2
-- http://www.littleshoot.org P2P Meets Web 2.0
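
The two points discussed in this thread, sketched as a shell fragment for an installer script. This is an added example, not code from the original messages; the function names are hypothetical, and it assumes the usual macOS/Linux locations of find, id and dirname.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the thread.

# Pin PATH so anything not written as an absolute path still resolves
# to a system directory rather than a user-controlled one.
PATH=/usr/bin:/bin:/usr/sbin:/sbin
export PATH

# Succeeds if the path is group- or world-writable.
loosely_writable() {
    [ -n "$(/usr/bin/find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Succeeds if the path is owned by root or by the invoking user.
trusted_owner() {
    [ -n "$(/usr/bin/find "$1" -prune \
        \( -user 0 -o -user "$(/usr/bin/id -u)" \) -print)" ]
}

# Returns 0 only if SCRIPT is acceptable to run with admin privileges:
# absolute path, regular file (not a symlink), trusted owner, and neither
# the file nor its directory writable by group or others.
safe_to_run_privileged() {
    script=$1
    case $script in
        /*) ;;                 # absolute path: continue
        *) return 1 ;;         # relative path: refuse
    esac
    [ -f "$script" ] && [ ! -L "$script" ] || return 1
    trusted_owner "$script" || return 1
    loosely_writable "$script" && return 1
    loosely_writable "$(/usr/bin/dirname "$script")" && return 1
    return 0
}

# Typical use inside the privileged script (constructed paths):
#   safe_to_run_privileged /Library/Example/helper.sh || exit 1
#   /bin/rm -f /Library/Example/stale.lock
```

The directory check matters because a writable parent directory lets another user replace the script even when the file's own mode is strict.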