[ge-talk] Security services provided by OS

Zenja Solaja solaja at gmail.com
Sat Jan 6 18:13:09 EST 2007


Axel has a point - little Brian cannot install add-ons which can overwrite
system add-ons.  But then again, how do you separate Haiku distributed
add-ons from Administrator installed add-ons?  The OSX approach is to have a
"/System" directory (Apple exclusive), a "/Library" directory (for root user
installed add-ons), and a "~/Library" for little Brian's add-ons.  Brian's
add-ons cannot override any of the other 2.

BeInc had a similar philosophy with /beos/system and ~/config directories,
but obviously missed a directory for Administrator approved add-ons.  I
think Haiku would have to add this in R2.

When it comes to protecting user data from other users, I'm really more
inclined to go down the encrypted directory path, since realistically, only
a limited amount of data is private, and the majority is shareable.  Little
Brian may have photos and music he wants to share with his sister Sue, and
using the concept of shared directories is too much of an overhead /
nuisance.  The most common case should be the default (everything
accessible), while the less common case (private data) should be the
exception which the user has to work around.

An encrypted directory, or even better, an encrypted volume which the user
mounts (with passwords/keys) can easily solve the problem.

Actually, the more I think of mountable image files, the more I realise that
they can be used for everything.  Why can't the entire user home directory be a
mountable image file?  When you transfer between 2 boxes (laptop and main
PC, new PC, etc), moving your data across is as simple as moving one image
file.  Likewise, the system directory is an image file, easily updateable /
replaceable.  Hose your system - just restore the system image from a backup
image file.



On 1/6/07, Axel Dörfler <axeld at pinc-software.de> wrote:
>
> Michael Phipps <mphipps1 at rochester.rr.com> wrote:
> > has fixed it, we can too). Your point about the hacked file system is
> > valid. Since we allow add-ons in your home directory, it would be
> > tough to
> > prevent this.
>
> It's pretty clear that a multi-user system will *not* allow any user
> add-ons for global services.
> That includes the kernel, the input_server, the media_server, etc.
>
> Bye,
>    Axel.
>
> _______________________________________________
> glasselevator-talk mailing list
> glasselevator-talk at bug-br.org.br
> http://www.bug-br.org.br/mailman/listinfo/glasselevator-talk
>