[haiku-development] Re: Override system file with hpkg

  • From: looncraz <looncraz@xxxxxxxxxxx>
  • To: haiku-development@xxxxxxxxxxxxx
  • Date: Sat, 01 Feb 2014 12:30:12 -0800

On 2/1/2014 06:26, Tomas Wilhelmsson wrote:
> Hmm, overriding system packages with modified packages I would call a serious security fault =) as any package would then be able to just override, and spyware etc. could go nuts =)

Ditto.

But you could protect the system packages folder from modification except by root, so when user control is working it could become plenty secure.

Signing official Haiku packages so that safe mode doesn't load anything but signed packages (or you could set a secure mode where overriding system files isn't permitted) could make for a more easily secured system.

-- Writeable PackageFS

I was thinking of a somewhat convoluted way to implement a writeable packagefs that would keep the best of both worlds. You don't write into any existing packages, you update a separate black list, and create a few automatically managed "user" packages. When the user tries to write a file into a package's expanded location, that write is redirected into an alternative location, and the package's files (if conflicting) are blacklisted. This means I would have simply copied over /system/Deskbar, passed a security prompt (which may require a root/system password later), and I would have been none the wiser that the system Deskbar was merely blacklisted, and my Deskbar was placed into /system/packages/override/system/Deskbar or wherever :-p

It would be completely transparent, and starting in safe mode would disable blacklists and overrides, and I could disable the writeable packagefs for a slightly higher sense of security (nothing secure about package add -f, just forcing users to jump through hoops to do things to which they are long accustomed).

If no one at Haiku wants to do it, I suppose it is ripe pickins for a third party developer.

--The loon
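
Added example, not part of the message above and not Haiku packagefs code: a small C++ model of the lookup rule the post proposes, where a write is redirected and the packaged file is blacklisted, and safe mode ignores both lists. OverlayModel, Write, Resolve and the package name haiku.hpkg are hypothetical; the override location is the one the post suggests.

```cpp
// Hypothetical model of the proposed override/blacklist lookup.
// None of these names are real Haiku packagefs APIs.
#include <iostream>
#include <map>
#include <set>
#include <string>

struct OverlayModel {
    std::map<std::string, std::string> packaged;   // path -> providing package
    std::map<std::string, std::string> overrides;  // path -> redirected location
    std::set<std::string> blacklist;               // packaged paths hidden by a write
    bool safeMode = false;   // safe mode disables blacklists and overrides
    bool writable = true;    // switch for turning the writeable layer off

    // A write never modifies a package: it is redirected to the override
    // area, and a conflicting packaged file is blacklisted. The write is
    // refused unless the security prompt was passed.
    bool Write(const std::string& path, bool promptPassed) {
        if (!writable || !promptPassed)
            return false;
        overrides[path] = "/system/packages/override" + path;
        if (packaged.count(path))
            blacklist.insert(path);
        return true;
    }

    // Returns where a read of `path` is served from, or "" if nothing provides it.
    std::string Resolve(const std::string& path) const {
        if (!safeMode) {
            auto o = overrides.find(path);
            if (o != overrides.end())
                return o->second;          // user's file wins
            if (blacklist.count(path))
                return std::string();      // packaged copy is hidden
        }
        auto p = packaged.find(path);
        return p == packaged.end() ? std::string() : "package:" + p->second;
    }
};

int main() {
    OverlayModel fs;
    fs.packaged["/system/Deskbar"] = "haiku.hpkg";       // constructed sample entry
    fs.Write("/system/Deskbar", true);
    std::cout << fs.Resolve("/system/Deskbar") << "\n";  // override location
    fs.safeMode = true;
    std::cout << fs.Resolve("/system/Deskbar") << "\n";  // packaged copy again
}
```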
