[ge-talk] Security services provided by OS
Paul van Nugteren
pmvannugteren at eml.cc
Sun Jan 7 06:51:08 EST 2007
Are you sure? Seems a pretty obvious idea...
> Protection #2 (prevent application from destroying files) actually has a
> very simple solution which no OS really uses, which is quite puzzling.
> Simply restrict the application from only modifying files in its current
> directory or lower, but never higher. ie. an application in
> /boot/apps/Sandbox can only modify files in the Sandbox directory and
> lower
> (and obviously ~/config/settings/Sandbox). If an application needs to do
> anything outside its boundaries, pop up an alert asking for permission /
> password. There is also a third directory which we will allow access to,
> and that is wherever the user open/saved a file to. This approach allows
> audio players to access my MP3 directory, but never /boot/beos/system.
> Spawned applications inherit directory restrictions.
Still the mp3 player needs to write to '/dev/audio'. I think the system
should never allow it to read anything other than music files, but what
about private voice recordings? It could read those and secretly upload.
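As an added example (not code from this thread or from any BeOS/Haiku project), a minimal evaluator of the directory policy quoted above, with a hypothetical `device_grants` set for the /dev/audio case raised in the reply and an optional read-gating variant (my assumption, not part of the proposal) for the voice-recording objection:

```python
import os
from dataclasses import dataclass, replace

# Decisions are "allow" or "prompt" (the permission / password alert the
# proposal falls back to); the proposal never denies outright.

@dataclass(frozen=True)
class AppPolicy:
    app_dir: str                            # e.g. /boot/apps/Sandbox
    settings_dir: str                       # e.g. ~/config/settings/Sandbox
    user_chosen: frozenset = frozenset()    # dirs the user opened/saved into
    device_grants: frozenset = frozenset()  # hypothetical: approved device nodes

def _inside(path: str, root: str) -> bool:
    # normpath collapses "..", so /boot/apps/Sandbox/../../beos is compared as
    # /boot/beos. A real kernel must also resolve symlinks before comparing;
    # a string-prefix check on an unresolved path is bypassable.
    path, root = os.path.normpath(path), os.path.normpath(root)
    return path == root or path.startswith(root.rstrip(os.sep) + os.sep)

def _in_granted_tree(policy: AppPolicy, path: str) -> bool:
    roots = {policy.app_dir, policy.settings_dir, *policy.user_chosen}
    return any(_inside(path, r) for r in roots)

def check_write(policy: AppPolicy, path: str) -> str:
    """Rule from the proposal: own dir, settings dir, user-chosen dirs only."""
    if _in_granted_tree(policy, path):
        return "allow"
    if os.path.normpath(path) in policy.device_grants:
        return "allow"   # e.g. /dev/audio for a music player; needs an explicit grant
    return "prompt"      # everything else triggers the alert, /dev/audio included

def check_read(policy: AppPolicy, path: str, restrict_reads: bool = False) -> str:
    """The proposal limits only modification, so reads are unrestricted by
    default; restrict_reads=True (assumed variant) applies the write rule to
    reads too, so a private recording outside the granted trees prompts."""
    if not restrict_reads:
        return "allow"
    return "allow" if _in_granted_tree(policy, path) else "prompt"

def spawn(policy: AppPolicy) -> AppPolicy:
    """Spawned applications inherit the parent's restrictions unchanged."""
    return replace(policy)
```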