[R-SIG-Mac] The new GUI: help font; root

Kjell Konis konis at stats.ox.ac.uk
Sun Nov 21 14:39:50 CET 2004 

Just as an experiment I tried the following.  First, as the root user I 
created a file named unlink.me in /:

[muffin] /> ls -l
total 8753
<snip>
-rw-r--r--   1 root  admin       11 21 Nov 13:15 unlink.me
<snip>

Then I started up R, clicked on the lock and authenticated myself.  I 
was able the delete unlink.me with the command

 > unlink("/unlink.me")

The unlink function is defined as

 > unlink
function (x, recursive = FALSE)
{
     if (!is.character(x))
         stop("argument must be character")
     if (recursive)
         system(paste("rm -rf ", paste(x, collapse = " ")))
     else system(paste("rm -f ", paste(x, collapse = " ")))
}
<environment: namespace:base>

So when the lock is unlocked one really is only a typo away from some 
potentially serious harm (remember the iTunes installer?).  I think a 
good short term solution would be to have R ask for a password for each 
operation requiring root privileges and deauthenticate when that 
operation is complete.  It would also be good if the dialog could tell 
you what the operation is.  For instance, "R needs your password to 
install the the package ${packageName}."

Just my 2 cents.

Kjell

On 21 Nov 2004, at 12:54, Simon Urbanek wrote:

> On Nov 19, 2004, at 1:14 PM, Jussi Piitulainen wrote:
>
>> There is a prominent button for letting R use root privileges. This is
>> really scary. Please, could the code in question be removed? Not just
>> hidden but removed. Don't risk the stability of my computer for some
>> convenience. (What is it for? To mess with the kernel?)
>
> Thomas nicely explained the reason behind the button and where your 
> seem to misunderstand the way such things work and the implications.
>
> Just for completeness, technically what happens is that the R_system 
> call is authorized to run as root if authenticated as long as the lock 
> is unlocked (pretty much like in all Apple applications BTW). It does 
> not change the privileges of R.app itself. The main reason for this 
> functionality is that there is no way to run R.app as root for 
> system-wide tasks and "sudo R" does not give you necessarily the same 
> environment (let alone GUI for package installation ;)).
>
> Cheers,
> Simon
>
> _______________________________________________
> R-SIG-Mac mailing list
> R-SIG-Mac at stat.math.ethz.ch
> https://stat.ethz.ch/mailman/listinfo/r-sig-mac

More information about the R-SIG-Mac mailing list