[R-SIG-Mac] The new GUI: help font; root
Simon Urbanek
simon.urbanek at math.uni-augsburg.de
Sun Nov 21 17:42:55 CET 2004
On Nov 21, 2004, at 2:39 PM, Kjell Konis wrote:
> So when the lock is unlocked one really is only a typo away from some
> potentially serious harm (remember the iTunes installer?).
Well, but this is true for ANY shell ran as root - with sudo R you're
exactly in the same position, even worse as you can create files by
writing as root (which you can't in R.app), so I don't quite get your
point. When you authorize yourself as root, you should know what you're
doing. As Thomas said - giving authorization without thinking will give
any application the rights to kill your system.
> I think a good short term solution would be to have R ask for a
> password for each operation requiring root privileges and
> deauthenticate when that operation is complete. It would also be good
> if the dialog could tell you what the operation is. For instance, "R
> needs your password to install the the package ${packageName}."
Unfortunately both things are not possible. SF provides no way to
specify a message the user should get. Secondly there is no guarantee
that the performed operation is atomic - if you patch R_system you will
see that it's called more than once for seemingly single operations, so
it's not clear when to deauthenticate. We did indeed discuss the whole
issue before implementing it :P.
So the bottom line is that the tool is pretty harmless and safe for
regular users, as the user has to acknowledge their responsibility by
authenticating. It could be argued whether the icon should be present
in the bar by default (e.g. I'd propose to make it visible by default
to admin users only), but so far I see no argument against the feature
in general.
Cheers,
Simon
More information about the R-SIG-Mac
mailing list