← Back to team overview

coapp-developers team mailing list archive

Re: Changes to the design of CoApp

 

Arguably, it is an even worse idea to write a custom service to require
symlink privileges. As long as symlink creation is done by msiexec, then it
can be tracked, but if a custom service does it, you can't really track what
symlinks are made on the system. The fact is, UNIX systems have allowed all
users to create symlinks for decades. I think the Windows Installer team can
budge a little on this and allow symlinks to be made by Windows Installer.
It's not like we're asking for symlink creation to be allowed at all levels,
just at installer phase.

2011/7/25 Jernej Simončič <jernej+s-launchpad@xxxxxxxxxxxxxxxxxx>

> On Monday, July 25, 2011, 22:53:46, Garrett Serack wrote:
>
> > They restricted a lot of the privileges that are available to
> > LOCALSYSTEM as a security precaution.... and no, they ain't gonna
> > fix that (their response is, if you need to do that, write a service).
>
> Which of course brings the question, what kind of added security is
> this, if you can work around the limitation by using a custom service...
>
> --
> < Jernej Simončič ><><><><>< http://eternallybored.org/ >
>
> All things considered, life is 9-to-5 against.
>       -- Nick the Greek's Law
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~coapp-developers
> Post to     : coapp-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~coapp-developers
> More help   : https://help.launchpad.net/ListHelp
>

Follow ups

References