Received: from malur.postgresql.org ([2a02:16a8:dc51::56]) by arkaria.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.89) (envelope-from ) id 1fUj4o-0008Ax-0U for pgadmin-hackers@arkaria.postgresql.org; Mon, 18 Jun 2018 01:35:26 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.89) (envelope-from ) id 1fUj4m-0000yN-FF for pgadmin-hackers@arkaria.postgresql.org; Mon, 18 Jun 2018 01:35:24 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.89) (envelope-from ) id 1fUj4m-0000y6-3S for pgadmin-hackers@lists.postgresql.org; Mon, 18 Jun 2018 01:35:24 +0000 Received: from mail-wr0-x22c.google.com ([2a00:1450:400c:c0c::22c]) by magus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.89) (envelope-from ) id 1fUj4h-0004nZ-Np for pgadmin-hackers@postgresql.org; Mon, 18 Jun 2018 01:35:23 +0000 Received: by mail-wr0-x22c.google.com with SMTP id f16-v6so15060863wrm.3 for ; Sun, 17 Jun 2018 18:35:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pgadmin-org.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Z0KF1oOt5wzghxwkmLMWhrtKT0Yr6qJljtXqtuZCJcQ=; b=YZVs01tH4RZg2xpp9RNQhcafk4lTYZsyabRO0XJqsAP9DVGiv767cBb2LCvyqoXKLd CSFbqsZDrQ7fpjiDRjJywB+FaCgEtuFY30wyzSjYQOAZnyokXc/WvUMzqGuB/JEj32Nw 5lvrf7N1FxcKVooSjXnwZaO5fQGE5ihjCszG6wCgEjPL8kGvkiaR1wtpuKoqw8rDw8vw HLt/JTBHCL5C869hv3N/7iyGhqj1yhR5Mf3UgxRvrco3PnTtw96wQQFOhXCwPc2N3LX1 NFqaTOy0qZwXcofQvrXr+CMvP++NV6JyB8s+OCEGiEWyFsTctCRnXs8M8u5FPzO5ec2u I1jw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Z0KF1oOt5wzghxwkmLMWhrtKT0Yr6qJljtXqtuZCJcQ=; b=leT46PgbqzyfyQyOsEe33XNDKsKp2USFelupmnhskgQ0Z4UJZjrH9CUeNO5mJxdg6M JOBz8sKbQpDRoQh0FDcOnKPjCdowhm030KAripDAUa/UKxXnat34CZFUq0tBL4AergKK m4/5U0fV9oXQKLcgBATkGL+L5IZIrpHaXlknLwHtyCDZeWTqpXQDLjmsEGS5UjwiA5Po qEjfjWzoOdd5V0zAVU8C/3ke3Ex7aIhQHvxoejuQ2EU93sRkk2O3CpigPI4qeu29EAAE GiTMoyBfnX7vRfhMizW3pZccRVqzGMZrsskqx8N8Rid6fFD7bQPPol6xtkXveJpCOvHY m92g== X-Gm-Message-State: APt69E3hP+HPJndMQA6KR7naXA1B0o1BF6OGtLWtHVeE+INGQaDfpR1R o2BQPcp9HD2MM9M3kiStM0Hro4TKyc4PQbz9FhnMIQ== X-Google-Smtp-Source: ADUXVKKZCDKsqv67XaKSdSp6QhfU8SkJJzEFn5Xhsq4UMAgFW9r/FgSaqHxuLqBymdeKiZ4qWcMdXTclD9gJyAXl/Vk= X-Received: by 2002:adf:f090:: with SMTP id n16-v6mr9095827wro.49.1529285717175; Sun, 17 Jun 2018 18:35:17 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a1c:2907:0:0:0:0:0 with HTTP; Sun, 17 Jun 2018 18:35:16 -0700 (PDT) In-Reply-To: References: From: Dave Page Date: Mon, 18 Jun 2018 02:35:16 +0100 Message-ID: Subject: Re: [pgadmin][patch] Electron version 4.X To: Victoria Henry Cc: Joao De Almeida Pereira , pgadmin-hackers Content-Type: multipart/alternative; boundary="000000000000eec3a6056ee093cd" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Precedence: bulk --000000000000eec3a6056ee093cd Content-Type: text/plain; charset="UTF-8" Hi On Fri, Jun 8, 2018 at 3:49 PM, Victoria Henry wrote: > - I think the build instructions need to be more generic (particularly on >> macOS). For example, I do not use HomeBrew (largely due to some nasty >> security issues they had in the past). I was able to mostly port the >> instructions and build script over to work using MacPorts (without PyEnv) >> which actually turned out to be somewhat more simple than what's there now. >> > Since we don't use MacPorts, we cannot provide installation instructions. > FYI, I just tried Homebrew again to see if it has improved. It has not: dpage@snake:~/git$ /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" ==> This script will install: /usr/local/bin/brew /usr/local/share/doc/homebrew /usr/local/share/man/man1/brew.1 /usr/local/share/zsh/site-functions/_brew /usr/local/etc/bash_completion.d/brew /usr/local/Homebrew ==> The following existing directories will be made group writable: /usr/local/bin /usr/local/include /usr/local/lib /usr/local/share /usr/local/share/man ==> The following existing directories will have their owner set to dpage: /usr/local/bin /usr/local/include /usr/local/lib /usr/local/share /usr/local/share/man ==> The following existing directories will have their group set to admin: /usr/local/bin /usr/local/include /usr/local/lib /usr/local/share /usr/local/share/man ==> The following new directories will be created: /usr/local/Cellar /usr/local/Homebrew /usr/local/Frameworks /usr/local/etc /usr/local/opt /usr/local/sbin /usr/local/share/zsh /usr/local/share/zsh/site-functions /usr/local/var As anyone familiar with Unix system architecture could tell you, this is a horribly bad idea for a number of reasons: 1) It will break on any system used by more than one person - only the original installer (and possible members of the admin group) will be able to properly use brew. 2) It's changing the default (and correct) permissions on /usr/local/ to something they are not supposed to be. 3) It's making a directory that is in the path writeable by user other than root. This is a very bad idea as it means that any malicious software run by the user could place executable files there without the user's knowledge. /usr/local/ is supposed to be a secure directory for very good reasons. We cannot start recommending our devs do something that compromises the security of their system to build pgAdmin, thus we need to figure out how to do this using MacPorts or some other similar technology that doesn't suffer from this problem. I'm leaning towards the idea that having any build instructions that suggest using brew should be removed from pgAdmin entirely, to avoid putting users at risk. -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company --000000000000eec3a6056ee093cd Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi

On Fri, Jun 8, 2018 at 3:49 PM, Victoria Henry <= vhenry@pivotal.io> wrote:
=C2=A0
- I think the build instructio= ns need to be more generic (particularly on macOS). For example, I do not u= se HomeBrew (largely due to some nasty security issues they had in the past= ). I was able to mostly port the instructions and build script over to work= using MacPorts (without PyEnv) which actually turned out to be somewhat mo= re simple than what's there now.
Since we don't use MacPorts, we cannot provide installati= on instructions.

dpage@snake:= ~/git$ /usr/bin/ruby -e "$(curl -fsSL https://raw.githubu= sercontent.com/Homebrew/install/master/install)"

=3D=3D> This script will install:

/usr/local/bin/brew

/usr/local/share/doc/homebrew

/usr/local/share/man/man1/brew.1=

/usr/local/share/zsh/site-functi= ons/_brew

/usr/local/etc/bash_completion.d= /brew

/usr/local/Homebrew

=3D=3D> The following existing directories will be made group writable:

/usr/local/bin

/usr/local/include

/usr/local/lib

/usr/local/share

/usr/local/share/man

=3D=3D> The following existing directories will have their owner set to dpage:

/usr/local/bin

/usr/local/include

/usr/local/lib

/usr/local/share

/usr/local/share/man

=3D=3D> The following existing directories will have their group set to admin:

/usr/local/bin

/usr/local/include

/usr/local/lib

/usr/local/share

/usr/local/share/man

=3D=3D> The following new directories will be created:

/usr/local/Cellar

/usr/local/Homebrew

/usr/local/Frameworks

/usr/local/etc

/usr/local/opt

/usr/local/sbin

/usr/local/share/zsh

/usr/local/share/zsh/site-functi= ons

/usr/local/var


As anyone familiar with Unix system architecture could tell = you, this is a horribly bad idea for a number of reasons:

1) It will break on any system used by more than one person - only = the original installer (and possible members of the admin group) will be ab= le to properly use brew.

2) It's changing the = default (and correct) permissions on /usr/local/ to something they are not = supposed to be.

3) It's making a directory tha= t is in the path writeable by user other than root. This is a very bad idea= as it means that any malicious software run by the user could place execut= able files there without the user's knowledge.

/usr/local/ is supposed to be a secure directory for very good reasons. We= cannot start recommending our devs do something that compromises the secur= ity of their system to build pgAdmin, thus we need to figure out how to do = this using MacPorts or some other similar technology that doesn't suffe= r from this problem.

I'm leaning towards the i= dea that having any build instructions that suggest using brew should be re= moved from pgAdmin entirely, to avoid putting users at risk.
=C2= =A0
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

= EnterpriseDB UK: = http://www.enterprisedb.com
The Enterprise PostgreSQL Company
--000000000000eec3a6056ee093cd--