Shop OBEX P1 Docs P2 Docs Learn Events
administrators privileges or logged in to install IDEs — Parallax Forums

administrators privileges or logged in to install IDEs

hobbyProgrammerhobbyProgrammer Posts: 9
edited 2015-05-31 17:06 in General Discussion
I was wondering if it would be possible to have a version of PropellerIDE, PropGCC, Propeller tool and Basic Stamp editor with out needing administrator privileges or log-on to install or use.
Arduino has done it for sometime.

Thanks Charlie

Comments

  • Heater.Heater. Posts: 21,230
    edited 2015-05-29 11:16
    That is a good idea.

    All these tools should be installable in any user space that I have privs to access.

    Sadly people demand convenience so we end up with deb and other packages that integrate with the OS and it's package manager and require root privs to install.
  • GadgetmanGadgetman Posts: 2,436
    edited 2015-05-29 13:21
    I don't like ANY program that can be 'installed' without admin provileges.
    It generally means that the executable is in a place where ANY running process can modify it.
    And that's just poor security.
  • hobbyProgrammerhobbyProgrammer Posts: 9
    edited 2015-05-30 07:35
    I would just like to be able to choose and Arduino does. You don't seem to need any administrator privileges to install Python on windows
  • Heater.Heater. Posts: 21,230
    edited 2015-05-30 09:40
    Gadgetman,
    I don't like ANY program that can be 'installed' without admin provileges.
    It generally means that the executable is in a place where ANY running process can modify it.
    And that's just poor security.
    I could argue the exact opposite. Running installers for random programs found around the net with root privileges is an invitation to have your OS installation damaged and security compromised. This has been a famous problem in the windows world for decades and has even happened to me on Linux. A couple of times I have installed deb packages from sources other than Debian only later to find that my system is no longer updateable because of the changes they made.

    Certainly any code I write myself has to be runnable without requiring root privileges and often I would like it "installed" some place out of my home directory but not intertwined in the OS files. Like /opt for example.
  • Mark_TMark_T Posts: 1,981
    edited 2015-05-31 04:45
    Gadgetman wrote: »
    I don't like ANY program that can be 'installed' without admin provileges.
    It generally means that the executable is in a place where ANY running process can modify it.
    And that's just poor security.

    What's the threat model here? If you're already running a process on the target machine how do you gain anything
    by writing another unprivileged executable? Malware in this situation wants to escalate privilege, its going to
    try known weaknesses in privileged code.
  • Heater.Heater. Posts: 21,230
    edited 2015-05-31 06:07
    That's right Gadgeman's worry is that if he already has a compromised machine i.e. there is some rogue code running as root or even just at user level, then that rogue code can further compromise other executables you may put in user space. Like you say, it's a worry only if you are already breached in some way.

    On the other hand that was how viruses worked back in the day. They would attach themselves to any executable they could find in the hope that said executable would eventually be shared with others and they could spread. We can imagine that similar attacks can still go on today, all in user space.

    By all accounts that's how the famous Stuxnet got where it did.
  • xanaduxanadu Posts: 3,347
    edited 2015-05-31 10:55
    hobbyProgrammer wrote: »
    I was wondering if it would be possible to have a version of PropellerIDE, PropGCC, Propeller tool and Basic Stamp editor with out needing administrator privileges or log-on to install or use.
    Arduino has done it for sometime.

    Thanks Charlie

    No admin to log on, to install, or use?

    So you mean you want to push an unattended install to a bunch of workstations?

    What is the end goal here?

    Dropbox is a sysadmin nightmare with installing into the application directory and roaming profiles. Users would "just install it" to their workstations and sync few gigs of data basically trashing their roaming profile, blowing quotas, causing backups to fail, etc.
  • GadgetmanGadgetman Posts: 2,436
    edited 2015-05-31 12:29
    Dropbox, Crome...
    Those two apps are the reasony why we're going to use Applocker in my organisation.

    We're still going to allow DropBox and Chrome, though, but only for those who require it for their work and use our installs (packaged with the settings we want and distributed using SCCM )

    A packaged PropIDE or similar tool may be of interest for educational facilities where they're using Basic Stamps or Props for STEM or similar programs.

    In my organisation, we use PXE-boot to push the basic image to a PC, with a few different settings depending on whether it's a laptop or desktop and the type of use. Then the user uses a page on our intranet site to 'order' the special packages they need, such as DB tools, CAD, statistics, Terminal emulators and whatever(we have 350+ apps in use currently... )
    If a PC is virus-infected, the HDD is borked or whatever, we can just PXE-boot it again, and whatever apps the user had 'on order' for that machine will also be reinstalled. Pretty smooth, really.
    It requires quite a bit of testing on the packaged apps, though...
  • Heater.Heater. Posts: 21,230
    edited 2015-05-31 13:52
    What are the issues with Chrome?
  • xanaduxanadu Posts: 3,347
    edited 2015-05-31 17:06
    If Chrome installer doesn't have access to the program files directory or registry it installs into the users profile.
Sign In or Register to comment.