On 7/18/05, Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote: > On Llu, 2005-07-18 at 07:30 -0600, Samartha wrote: > > My guess is that it's much less than 5 % of all Linux installations of > > Acrobat Reader possibly doing this. > > I would suspect most technically aware users don't use acrobat reader > because of the javascript problems. Annoyingly enough, there are no OSS pdf reader programs that provide all features expected by users, so there are some technically aware people out there using Adobe's Reader. (At least, this was true when I surveyed them all about 4 months ago.) > > > Now, my co-worker proclaims that this (under a user's home directory) is > > the common method to install Acrobat Reader under Linux and this opinion > > is percolated up the management hierarchy. This seems a little crazy to me. In most businesses, some computers are at least occasionally shared. I don't want to set up any application specially for anyone who might log on. I want every computer to work for anyone who might log on. Even if you're not sharing, aren't you imaging? You can't set up an image for a new computer install if the apps have to go into user's homedirs. Even if you're allowing users to install their own software (which is horrifying to me, but often a reality), any app that is likely to be used by most people should be part of your default installs. And asking users to do the installs (the usual rationale for homedir installation) is a recipe for a support call, and security holes (as Alan Cox noted). > > I think you'll find a mix that varies between sites where users personal > file store is mounted "noexec" to keep the slaves at work and home > systems where the user is root and can do as they like > > It is bad security practice to allow end users random software > installations because it becomes impossible to pull a package or update > all copies of it reliably if there is a security hole. It's one of the > big problems many Windows environments face and it isn't directly a > Microsoft caused problem. Indeed. One of the hardest things we did here, but one of the most important and valuable, was to remove this right from the users here. Windows gives admins the ability to keep users from running installers, but can't stop users from running a stand-alone exe (to the best of my knowledge). noexec mounting is better.
