If you're new here, you may want to subscribe to my RSS feed and if you have questions related to your ubuntu system post question to our forums. Thanks for visiting!
Zero Install is a decentralized installation system (there is no central repository; all packages are identified by URLs), loosly-coupled (if different programs require different versions of a library then both versions are installed in parallel, without conflicts), and has an emphasis on security (all package descriptions are GPG-signed, and contain cryptographic hashes of the contents of each version). Each version of each program is stored in its own sub-directory within the Zero Install cache (nothing is installed to directories outside of the cache, such as /usr/bin) and no code from the package is run during install or uninstall. The system can automatically check for updates when software is run.
Install Zero Install Injector in ubuntu
sudo apt-get install zeroinstall-injector
This will install all the required files
Screenshot
Video Demo
This is such an insanely bad idea, I can’t even begin to convey it. “Emphasis on security”? “Signed”? By who? With what trust model?
Firefox extensions are bad enough, this is just begging for a social engineering attack.
I couldn’t agree more with Fritz. This is an absolutely terrible idea. There’s a reason why root permissions are required for installs.
@Fritz: you have to say which people you trust. For example, you could decide to only accept packages signed by official Debian packagers. See this screenshot:
http://0install.net/confirm-tal-rox.png
(from http://0install.net/injector-using.html)
Okay, yes, I see that you can trust “someone”, but there’s no real trust model.
The point is, you (or whoever) are creating an application to make it totally easy to download and run an app without root permissions, but then you’re saying the security is okay because you have to decide to trust someone, verify their identity (how?) and then accept keys and such to allow the one-click run to happen.
This is Microsoft mentality - put in a new whiz-bang feature, but make the actual SECURITY of the feature insanely hard. That way, when the hapless user gets social-engineered into downloading and running the latest rootkit, you can just shrug and say “it’s the user’s fault, they accepted the certificate!”. But the reality is, you didn’t give them the tools to be smart about the security in the first place, so you shouldn’t have introduced the tool.
See Microsoft UAC for a classic example of this. Have you ever looked at the “details” of any of those UAC dialogs? They don’t say what the action is going to be, they usually have a CLASSID of some random control instead of a name, they provide no useful information for a decision. But Microsoft put it in so they could blame the users and shift responsibility for their completely broken trust model.
First, let’s clarify what is meant by “without root permissions”, because there are two possible interpretations. For example, Fedora recently allowed unprivileged users to install RPMs from their repository; the packages executed as root as they installed. This is not what Zero Install does. It does not execute any code from the package (as root or as anyone else) at install time. Installation is side-effect free.
So, it’s not letting users do anything they couldn’t already do (e.g. by downloading a shell script and clicking on it), but it does give them much better information (such as indicating that the package is signed by their distribution, or that the signing key has changed since they last updated).
In particular, you can’t use it to install a rootkit as you suggest. The user would have to take some extra step (e.g. entering their password at the sudo prompt). If software installation doesn’t need to be done as root, then fewer users will need to have administrator access in the first place. In an ideal world, we wouldn’t need to worry about users installing strange software any more than we currently worry about them visiting strange web sites.
Now, whether you think installing something this way is “more secure” or “less secure” depends what you’re comparing it to:
Compared to not installing the software, it’s probably less secure (unless the package being installed helps with security or something…).
Compared to installing a .deb package, from the same author? Probably more secure, since the installation isn’t happening as root.
Compared to installing a random .deb you found on the web which you have no basis to trust? Slightly more secure perhaps, but you’d better be careful either way. Probably combining it with some sandboxing or virtual machine would be good (Zero Install lets you share libraries between mutually-suspicious VMs, for example).
Ultimately, a Linux community made up of users too scared to install software doesn’t help the Free software ecosystem. Developers need users to test new versions of their software, and we need to make it as easy and safe as possible.