Thank you for the bug report eswald: I can confirm this bug with mintInstall 6.3.4 on a fresh install - steps to reproduce:
1) close all firefox instances
2) verify no firefox processes are running (e.g. system monitor/top)
3) "visit" an app's site from mintInstall
4) note the firefox process is running as user root
eswald wrote:While in mintInstall 6.3.4, the Visit button in each package's information panel opens the web browser (Firefox by default) with root privileges.
How do you know that?
Go to System Monitor, enable the user field, then you'll see the firefox process running as root
Mintinstall as well as synaptic (Software manager) on the Mint menu, both run under the first user's authorization, it is not quite root, since the root account is disabled by default in the Linux mint 7 - gloria installation
While it is true that mintInstall uses gksu rather than root, the effect is the same, in that the firefox process is indeed run as root. Also the root account is not actually disabled at all in Gloria as it was in previous releases, instead it is created with the same password as the initial user on install.
You don't have to visit any web page, there is usually enough information provided in the description or the short description title to decide whether or not to install that software
--if there wasn't (enough information being provided) you would be blindly installing any/all packages just to see what they were or how they worked..
And you need a certain level of access to install applications, unless you do it manually and perhaps direct an installation to a private directory, such as /home/usr/myapps
--and you could control the pseudo root access to when it was needed, if at all..
While all true, it's kind of irrelevant, since the visit functionality is there, and is not tied in to the installation process
eswald wrote:In addition to the security risks involved, this replaces the user's bookmarks with the defaults
I just ran mintinstall, used the Visit button for an application, and nothing in my bookmarks was changed..In addition to the security risks involved
I don't see the risk here!, my session would have to be intercepted by the web page I visit or otherwise..
- the ISP has a router firewall, which protects my connection
--they (ISPs') do this as much for themselves as me, it also protects their network.
One of the reasons you shouldn't buy into do you want our Internet security package deal, unless you want to help them out financially..
Nevertheless, the is a minor security risk, and there's no need to run the browser as root, so we may as well not.
If you have a question that has been answered and solved, then please edit your original post and put a [SOLVED] at the end of your subject header
Hint - use a google search including the search term site:forums.linuxmint.com