[ge-talk] Security services provided by OS
Michael Phipps
mphipps1 at rochester.rr.com
Sun Jan 7 14:10:25 EST 2007
Zenja Solaja wrote:
> Axel has a point - little Brian cannot install add-ons which can overwrite
> system add-ons. But then again, how do you separate Haiku distributed
> add-ons with Administrator installed add-ons? The OSX approach is to have a
> "/System" directory (Apple exclusive), a "/Library" directory (for root user
> installed addons), and a "~/Library" for little Brian's add-ons. Brian's
> add-ons cannot override any of the other 2.
Actually, now that you state it that way...
If obfs had an exclusive read/write lock on /dev/disk/ide/0/0, Little
Brian's hacked-obfs wouldn't be able to touch it. Problem solved.
> When it comes to protecting user data from other users, I'm really more
> inclined to go down the encrypted directory path, since realistically, only
> a limited amount of data is private, and a majority is sharable. Little
> Brian may have photos and music he wants to share with his sister Sue, and
> using the concept of shared directories is too much of an overhead /
> nuisance. The most often case should be the default (everything
> accessible), while the less often case (private data) should be the
> exception which the user has to work around.
I like to assume that all of my private files are private. Otherwise, why
even bother with file permissions?
> An encrypted directory, or even better, an encrypted volume which the user
> mounts (with passwords/keys) can easily solve the problem.
>
> Actually, the more I think of mountable image files, the more I realise that
> it can be used for everything. Why can't the entire user home directory be a
> mountable image file? When you transfer between 2 boxes (laptop and main
> PC, new PC, etc), moving your data across is as simple as moving one image
> file. Likewise, the system directory is an image file, easily updateable /
> replaceable. Hose your system - just restore the system image from a backup
> image file.
Yes! This is also the methodology that I liked for distributing
applications (bundles).