The last option is particularly dangerous since users in the admin group usually have passwordless sudo configured, which means that running the pre-installation script in a .pkg gives that script root permissions!
> users in the admin group usually have passwordless sudo configured
I don’t think that’s true. It’s not on by default in macOS, and to turn it on you have to edit /etc/sudoers which isn’t commonly done on macOS (since sudo permissions can be managed via the checkbox in System Preferences).
That's wrong. There are multiple ways to distribute/install/run arbitrary programs on a macOS machine:
- Opening a .dmg disk image file and moving the application inside to /Applications will "install" the application
- Opening a .dmg disk image file and directly running the application inside will immediately run it with the current user's permission
- Extracting a .zip archive will yield the application's directory in wherever the zip file is, ready to execute by clicking on it
- Clicking on a .pkg installer will install the program to the path the user chooses (usually /Applications)
- Clicking on a .pkg installer will allow the installer (after a confirmation prompt) to run a "pre-installation" script - Zoom infamously uses that to ease the installation process (https://www.reddit.com/r/programming/comments/ft3ai3/zoom_us...)
The last option is particularly dangerous since users in the admin group usually have passwordless sudo configured, which means that running the pre-installation script in a .pkg gives that script root permissions!