At 07:50 -0800 14/1/08, x4u-request at listserver.themacintoshguy.com wrote: >From: Robert Ameeti <Robert at Ameeti.net> >Subject: Re: [X4U] Extra Applications folder >To: "A place to discuss Mac OS X for the casual user." > <x4u at listserver.themacintoshguy.com> >Message-ID: <p06240815c3ae8352195f@[10.0.1.200]> >Content-Type: text/plain; charset="us-ascii" ; format="flowed" > >At 12:01 PM +0000, 1/12/08, David Ledger wrote: > >>But be aware that should you accidentally run some Trojan that may >>exist in the future, it wouldn't have to ask for a password to >>attach something to any App in ~/Applications, because you own them. > >Where does this belief come from? From the Unix protection model. That's the way it works. > Users, Groups, & Others have >rights, not ownership. Files have ownership that is a user and a group, therefore users have ownership of files (at least, in English English). > Any change to an application should require >authorization from someone who has rights to make that change. If you are the owner of a file you can change the rights and (hence) the contents of a file. If you own an application because _you_ installed it into ~/Applications, a piece of malware triggered by you and running as you can modify that application. It can't modify an app installed in /Applications that is owned by root without further authentication. David -- David Ledger - Freelance Unix Sysadmin in the UK. HP-UX specialist of hpUG technical user group (www.hpug.org.uk) david.ledger at ivdcs.co.uk www.ivdcs.co.uk