From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Christopher Browne <cbbrowne(at)gmail(dot)com> |
Cc: | Dave Page <dpage(at)pgadmin(dot)org>, Jay Levitt <jay(dot)levitt(at)gmail(dot)com>, PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Switching to Homebrew as recommended Mac install? |
Date: | 2012-04-03 16:25:20 |
Message-ID: | CA+TgmoY0Mm_eW_FAxpjhKC+Wkvkscwk2grLcCccV1fp6b9hojg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general pgsql-hackers |
On Tue, Apr 3, 2012 at 11:56 AM, Christopher Browne <cbbrowne(at)gmail(dot)com> wrote:
> It's pretty typical for MacOS applications to require "enter your
> password; I need to su to root to install this!" in plenty of places
> where the UI does not actually tell you what is being done as root.
> After enough iterations of "enter your password so my process can do
> undisclosed admin stuff," I'm not sure that you've got anything more
> secure than you'd have if /usr/local was writable by the desktop user.
I think that's somewhat true. Part of the reason why Windows is so
crufty is because of lousy privilege separation -- MacOS and even
Ubuntu are now busy copying that design, but realistically people do
need to install software, so short of educating users better or
creating a walled garden it's not clear how much better you can do.
However, Windows has another problem, too: there are so many ways that
you can hook into the system and get control that it's basically
impossible to remove spyware and crapware without its cooperation. I
mean, you can get rid of some of it, but finding all the little fiddly
pieces that have to be ripped out is basically not doable. You just
reinstall the machine.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Jon Nelson | 2012-04-03 17:01:30 | views, queries, and locks |
Previous Message | leo xu | 2012-04-03 16:20:17 | what happens when concurrent index create |
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2012-04-03 16:28:01 | Re: patch for parallel pg_dump |
Previous Message | Tom Lane | 2012-04-03 16:17:25 | Re: patch for parallel pg_dump |