Now there is a 502 installed thousands of files issue and as everyone probably knows, not every software user actually cares about updating their system yet alone an office package.

Why wouldn’t Intego which asks $70 for an antivirus program on OS X doesn’t do the same trick as a favour for their paying customers? It is not someones “I am 133t, showing OS X issues” thing like MOAB, it is a very widely installed, top seller office software.

Now, if Automator exists there and magically chowned to 502, anyone having 502 (generally,the non admin first account for safety) will have right to deploy any Automator script there. E.g. “convert this file to PDF” could well be rm the file.

I hope I am understanding something wrong but it seems this issue.

Also MS BU may have proved the causes of decade old ex NeXT and Mac developers still staying away from Apple pkg format saying it is way too powerful in a bad way.

Speaking about wrong permissions, someone should see the ever ongoing scandal of Adobe (and Macromedia, before) to install Flash with wrong permissions in each build.

By the way, I’ve posted a blog entry to Mac Mojo with some terminal commands to fix the file ownership issues. The exec bit issues are hard to fix with a simple terminal command, but we’ll be fixing both in a pending software update.

http://www.officeformac.com/blog/Security-issue-in-Mac-Office-2008-Installer

You support my point! It’s about *my* control and not, in this case Microsoft’s control, or *any* random developer’s control. Apple should not be handing off control of your computer to any fool that can create a package, yet that is exactly what they’ve been doing.

“The design, as it stands, allows for the most seamless, least problematic installation and use of software by any user on a given machine.”

Yeah, if you ignore the fact this very article exists for you to respond to. Apple’s own advice is that you should not need an installer to run an app, and I would absolutely agree that there is *nothing* about an office suite that requires administrative access.

“Under your scenario any additional users will not be able to make use of what should be software accessible by all users of the machine without your direct intervention.”

No, under my scenario an individual wouldn’t have to become administrator to use an app themselves, and the *optional* system-wide installation *might* involve getting *write* access to *particular* folders. There is simply no sane reason for an installer to blindly start changing ownership and permissions of entire directory trees. If you can’t refute that very basic point, stop making yourself look bad by trying to make Apple look good.

That’s where you’re just dreaming. There are permissions and ownerships to conform to when building an installation package. If someone plans to install stuff in /Applications or /Library, then the owners have to be root:admin. The permissions should be 775 for folders, 664 for non executable files, etc. It’s not democracy here, it’s security and common sense.

For the record, PackageMaker (or WreckageMaker depending on how much you like this app) includes a tool to check files permissions and ownership against common recommendations.

And anyway, are they not doing QA testing in the MacBU?

Finally, I don’t see why people are that agitated because of this mistake. It’s not as bad as an Intuit update who deleted user’s desktop.