by soneil 4086 days ago
Point 1 I keep seeing repeated, but it's entirely false. Installing packages as the user does not increase security in the least. If anything, it weakens the traditional unix security model because now the running user owns the binaries, running processes can modify them.

"run as root" is nothing to do with this. Who installs the package and who runs it are entirely disconnected. If I install a package as root, and run it with my user, it's running as my user, not root.

All it actually illustrates is that the package manager is not trusted. You don't give Homebrew root so that it can't damage the OS by accident. The end result is binaries that are at risk from errant processes, but it seems this is preferable to trusting Homebrew.

1 comments

>If anything, it weakens the traditional unix security model because now the running user owns the binaries, running processes can modify them.

This is a great issue to point out. This is why package managers like Nix and Guix (and maybe others I do not know about) use an immutable store for package builds. Unprivileged users may still install and use the software in the store, but the Unix security model prevents them or a malicious process running under their user account from corrupting what has been built.
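
The property both comments turn on can be checked directly. The following is an added example, not part of either comment: it lists executables in a set of directories that a given uid could modify or replace. The function names are hypothetical, only classic mode bits are considered, and the sample tree is constructed.

```python
import os
import stat
import tempfile

def writable_by(st, uid, gids):
    """Classic mode-bit check only; ignores ACLs, root, sticky bit and immutable flags."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_path(path_dirs, uid, gids):
    """List (path, reason) for executables that uid could modify or replace."""
    findings = []
    for d in path_dirs:
        try:
            dir_writable = writable_by(os.stat(d), uid, gids)
            names = sorted(os.listdir(d))
        except OSError:
            continue  # missing or unreadable PATH entry
        for name in names:
            full = os.path.join(d, name)
            try:
                st = os.stat(full)  # follows symlinks to the real binary
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & 0o111:
                if writable_by(st, uid, gids):
                    findings.append((full, "file writable"))
                elif dir_writable:
                    findings.append((full, "directory writable"))
    return findings

def demo():
    """Constructed sample tree: a user-owned prefix next to a read-only store."""
    with tempfile.TemporaryDirectory() as root:
        dirs = []
        for name, mode in (("user_prefix", 0o755), ("store", 0o555)):
            d = os.path.join(root, name)
            os.mkdir(d)
            with open(os.path.join(d, "tool"), "w") as f:
                f.write("#!/bin/sh\n")
            os.chmod(os.path.join(d, "tool"), mode)
            os.chmod(d, mode)
            dirs.append(d)
        as_owner = [(os.path.relpath(p, root), why) for p, why in audit_path(dirs, os.getuid(), set())]
        as_other = audit_path(dirs, os.getuid() + 1, set())
        os.chmod(dirs[1], 0o755)  # restore so the temp tree can be deleted
    return as_owner, as_other
```

To audit a real system, call `audit_path(os.environ["PATH"].split(os.pathsep), os.getuid(), set(os.getgroups()))`.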