
Re: [platform-update-dev] Re: Update Manager Installs - Forcing the Use of a New Site
>
> Again, I ask you to identify the 'potential security loopholes'.


Can you also show you're not introducing security loopholes?

I have pointed out that a feature can be installed in an arbitrary location without the user being aware (either via silent install or via the install wizard when the user does not click on each feature to see where it goes). To me, as a *user*, that's not acceptable.

>
> The security holes that the Eclipse Platform and Update Manager currently
> introduce have nothing to do with the physical location on disk of
> installed features & plugins.   As things sit right now, a plugin could
> very cozily be nestled into the Eclipse directory structure and still cause
> unspeakable damage.
>
> Since, as you point out, an install handler could always place files
> wherever it darn well pleases, how does putting this artificial bound on
> the default.install.path protect anything?


As I said, the install handler is problematic now, and should be fixed.
It should not be used as an excuse to introduce other security problems.

>
> The fact is, the job of protecting the file system from things being
> written to where they should not falls on the shoulders of proper access
> controls.  


There is never enough protection.

The work you've done is very neat and works fine in your environment (you said you have control over what and when to update).
As it is now, I only disagree with having any feature provide installation paths. If we limit the scope to certain features, or certain update sites, etc., then I am with you.
