[maemo-users] [maemo-users] Re: Bricked a third time

From: James Sparenberg james at linuxrebel.org
Date: Wed Feb 14 04:16:42 EET 2007
On Tuesday 13 February 2007 08:38:59 Aniello Del Sorbo wrote:
> Frantisek Dufka wrote:
> > Aniello Del Sorbo wrote:
> >> Yes, and the Application Manager (by looking at the packages flags
> >> somehow) could tell if this is a system app (and thus ask the User to
> >> enter somekind of passphrase) or a user app (thus installing it with
> >> no hassle). Asking the User for a kind of passphrase will give
> >> Application Manager root privileges and thus dpkg could be ran as root
> >> and those apps would install as usual and do their (good) job.
> >
> > And how is this different from the current warning about non Nokia
> > application? I simply fail to see any additional security.
> Because people don't usually read warnings and tap OK too fast.
> Entering a passphrase makes them think.

Perhaps on a windows box.  I don't use one don't get many popups so I read 
them.  As for making people think.  If you find a way to do that Washington 
could use some help.

> If a package is not labeled as a system one, it can be installed without
> even the warning (as it would be installed as 'user').

All apps touch a wide variety of system files.  If nothing else, they touch 
the debs db.  + libraries + config files.. etc. 

> Again, I am not saying that with that system you are safe.
> There's no way to be safe.
> I am only saying that that system makes it a bit harder to brick the
> device, but my whole point at the beginning was to only tell people that
> dpkg does not require root privileges.

I see your goal, but unfortunately I don't see it working.  The first thing 
you see most XP/Vista users learn to do is turn off all the pop ups.  (often 
by installing hack software.  Or worse yet they run as administrator.)  I 
don't feel it's Nokia's job to prevent people from bricking their device.  It 
is Nokia's job to provide reasonable separation of vetted and non-vetted 
packages, It is Nokia's job to provide trustable repositories.  But if Nokia 
tries to stop people from doing stupid things .... well .... it can't be 
done.  In a situation where you say "They will never do that"  'that' is 
usually the first thing someone does.  ("Your instructions never said I 
couldn't put my pet poodle in the microwave to dry him off!")


> The discussion went on and I throwed away this idea that, a part from
> giving a slight (let's call it) safer installation system, COULD give
> the chanche of installing apps on the memory card (and this is totally
> unrelated with the security issue).
> At almost NO additional cost.

Can't execute from a dos FS and IIRC the MMC is dosFS to be compatible with 
windows, as a mass storage device. 

> > So you basically want another similar dialog telling you this package
> > (dropbear) can really mess your system?
> No.
> --
> anidel
> PS: I think we can stop the discussion here :)
> _______________________________________________
> maemo-users mailing list
> maemo-users at maemo.org
> https://maemo.org/mailman/listinfo/maemo-users

More information about the maemo-users mailing list