Problems with Apple's package installer

Apr 09, '01 08:55:14AM

Contributed by: robg

Scott Anguish of Stepwise has written a very good article that discusses some serious problems with Apple's package installer program. It's a bit technical at times, but a couple of key tidbits include:

In short, until Apple resolves the problems with the installer maker, you should treat any .pkg file with extreme caution - it could easily disable key portions of your system, and it would be fairly trivial for a malicious hacker to create an installer that does a number of Very Bad Things using root privileges.

This is a tricky situation, as some products (such as mySQL and PHP) seem to require an installer, based on their need to put pieces in a number of locations. In general, avoid the package installers if you can, but if you can't, make sure you (a) have a backup of important data before proceeding, and (b) know and trust the source of the package.

Comments (0)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20010409085514662