Default to binary-only installs when running with elevated privileges? #4735
As noted at #1668 (comment), one of the problems with
Actually implementing #1668 is fraught with compatibility problems, but I'm wondering if there might be a useful intermediate step which works like so:
That approach would still have compatibility problems, but there'd be fewer of them, and all of the remediation measures would be things we actively want to encourage:
Yeah, from a security perspective, this only pays off in cases where:
It makes it slightly harder to get a persistent foothold on a machine, but not appreciably so if it's a local workstation where the user always logs in anyway (so you can just hook their login scripts and assorted other attack vectors).
So I also wouldn't be opposed to just going down the #1668 path of:
And deciding this isn't worth it as an intermediate step.
Aye, closing for now as presumably failing the potential security benefit vs increased code complexity trade-off.
However, if someone likes the idea enough to try implementing it, and finds the resulting PR to be reasonably easy to follow, then they should still feel free to post that PR and request that this RFE be reopened.