[R-SIG-Mac] The new GUI: help font; root

Simon Urbanek simon.urbanek at math.uni-augsburg.de
Sun Nov 21 17:42:55 CET 2004

On Nov 21, 2004, at 2:39 PM, Kjell Konis wrote:

> So when the lock is unlocked one really is only a typo away from some 
> potentially serious harm (remember the iTunes installer?).

Well, but this is true for ANY shell ran as root - with sudo R you're 
exactly in the same position, even worse as you can create files by 
writing as root (which you can't in R.app), so I don't quite get your 
point. When you authorize yourself as root, you should know what you're 
doing. As Thomas said - giving authorization without thinking will give 
any application the rights to kill your system.

>  I think a good short term solution would be to have R ask for a 
> password for each operation requiring root privileges and 
> deauthenticate when that operation is complete.  It would also be good 
> if the dialog could tell you what the operation is.  For instance, "R 
> needs your password to install the the package ${packageName}."

Unfortunately both things are not possible. SF provides no way to 
specify a message the user should get. Secondly there is no guarantee 
that the performed operation is atomic - if you patch R_system you will 
see that it's called more than once for seemingly single operations, so 
it's not clear when to deauthenticate. We did indeed discuss the whole 
issue before implementing it :P.

So the bottom line is that the tool is pretty harmless and safe for 
regular users, as the user has to acknowledge their responsibility by 
authenticating. It could be argued whether the icon should be present 
in the bar by default (e.g. I'd propose to make it visible by default 
to admin users only), but so far I see no argument against the feature 
in general.


More information about the R-SIG-Mac mailing list