[chuck-users] Question re: installing ChucK on Mac

Sat Aug 7 09:52:41 EDT 2010

On 7 Aug 2010, at 14:27, Kassen wrote:

>>> However, sudo is a tool to protect the installation against  
>>> unauthorised modifications.
>>
>> Actually, not: it is just a shortcut to become root; try 'sudo -s'.
>
> Quite so, and I believe that unlike with becoming root outright the  
> commands given with sudo are logged, which can be helpful to trace  
> what went wrong, if something does.

There is a file /private/etc/sudoers which can be edited with 'visudo'  
to put restrictions. But the user does become root. I think all stuff  
is logged - there is a Console showing it, if you so like.

>> Though restrictions can be implemented, that is not so in Mac OS X.  
>> In addition, when one does a 'sudo', it is valid for a few minutes,  
>> which can be exploited by malware, by trying every minute if the  
>> user has enabled root permissions.
>
> It might be preferable to restrict root access to a single bash  
> session, or perhaps to require it for every command. System-wide  
> root access sounds a bit excessive to me, but I don't know what  
> considerations went into that choice.

Yes, one can turn the timing off, and some do. Otherwise, giving  
access in just the place where one wrote it might have been wise, but  
one can do it in one window, and then do it in another without  
switching.

>> On the other hand, whenever you install something on Mac OS X, and  
>> is asked for the password, one is in effect doing the same thing as  
>> a 'sudo', becoming root. So one should never do that unless one  
>> trust the software.
>
> Good advice. I do trust our devs, even though they can be a bit  
> chaotic at times ;-)
> ..

It is mostly important when you visit porn sites - don't give your  
password away there! Strange that one would have to give such  
advice. :-)

>> FYI: Though it derives from FreeBSD, it is now certified UNIX  
>> (Intel 1.5 and later).
>
> It is. Of course the main thing that this indicates is that Apple  
> (unlike some other *nixes) has a budget for certification.

Yes, but I saw that there are efforts to close in on the free  
variations.

>> I suspect he has absolutely no knowledge about the console  
>> (Terminal). Therefore, to start with it, it might be safest to put  
>> it into ~/bin/.
>>
>> It is good with this discussion - ChucK with strange downloading  
>> comments, is directed to the console-savvy user, in effect shutting  
>> others out.
>
> Yes. There have been a lot of questions about this. Commandline  
> interfaces do look alien and a bit scary to many. Perhaps we should  
> spend some time on this in a FAQ, for example with a link to a good  
> online tutorial. We may also need to update the docs on the mini  
> since the mini really isn't all that experimental and dangerous any  
> more.

An installer might put the stuff into /usr/local/bin where it should be.