Re: Force Feeding

[dleblanc () MINDSPRING COM (David LeBlanc)]

At 07:06 PM 6/28/00 +0300, Philip Stoev wrote:
> From: "David LeBlanc" <dleblanc () MINDSPRING COM>
> > One work-around for this that I have long advocated is making the
> temporary
> > internet folders and the temp folders non-executable.
>
> This is really a beautiful solution, however, as far as my testing shows, it
> breaks Microsoft Office 2000 Premium Setup (the moment when you are prompted
> to enter the serial number, and possibly at other places also), and possibly
> other installers depending on Microsoft Installer technology as well. Or, I
> may have had made the folder non-executable, but my ACLs were somewhat
> wrong.

Several others have pointed out the same thing. The temp internet folders
aren't a problem - these really only need to be read-write. In terms of
installing software, using an account other than your normal account to
accomplish that would be the way to go (RunAs under Win2k helps). Or
considering that I don't install software every day, but I do surf the net,
etc. every day, I could script removal and replacement of the 'X' bit, so
set it back, do my install, then reset the permissions.

I understand that this isn't workable for the average end-user, but for
those of us who are a little more adept and security-conscious I think it
might help.

David LeBlanc
dleblanc () mindspring com