
Obligatory reminder of the human angle here: we need also a way for untrusted code to not be able to nag the user into granting them extra permissions.


That's not capability based security, though everyone seems to think it is. (Perhaps it's just survivor bias affecting replies?)

You never get nagged to take $5 out of your wallet to hand to an untrusted person, why should you get nagged to drop a file into an application you don't trust?


"You never get nagged to take $5 out of your wallet to hand to an untrusted person"

I suppose you have never been to a significantly poorer country (outside of the protected tourist areas)?

Or, well, spent time with kids who really want something.

Begging can get very intense.

And about file permissions, well, are you aware what kind of permissions the standard free app on the Google Play Store will ask of people? And yes, I won't use them. But I use WhatsApp. I did not want to give it permission to read contacts, or wide file access. But denying it means it is almost unusable, so I also eventually gave in...


That's not capabilities... your light doesn't ask for permission to get power.

The clerk at the store doesn't ask for permission to take your payment.


  onSave() =>
    fh1 = GetFileWritePerm($documents + "/project.foo");
    fh2 = GetFileReadWritePerm($myFolder + "/cache.db");
    while(!fh3) {
      fh3 = GetFileReadWritePerm("/etc/passwd");
    }


The operating system should allow you to make the choice, then enforce it. Open file X, save file Y.... the user should make those choices (via the OS) and the OS should enforce those decisions... the way applications are currently run, that's not true.


The application still needs to communicate the things it needs, the things on which the OS/the user should make choices. And if the application can communicate this, it can communicate it again. And again. And again. Or flat out refuse to work with "incorrect" choices, and bully the users into compliance.

You'd think that would be really rude of the app. That may have mattered 20-30 years ago. Today, most consumer-facing tech companies - big corporations and small startups alike - have adopted "being a rude, obnoxious asshole" as a business model.

Note that this includes all the major commercial OS vendors too - i.e. Apple, Google and Microsoft. This creates a new challenge: how do we design secure systems when neither the apps nor the OS itself are trusted parties? How do we develop this security framework, when untrusted parties are the ones gatekeeping adoption, and also most likely to be developing it?

In other words: how do we maintain security for hens, when the foxes are guarding the hen house?
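A sketch of the two models this thread is arguing over, added here as an illustration and not written by any commenter: the prompt model from the pseudocode above, where the app names a path and can simply re-ask, beside a capability "powerbox" design, where the OS file dialog only opens on a user gesture the app cannot mint, so a retry loop has nothing to nag with. The class and function names, the gesture-token mechanism and the in-memory file table are all constructed assumptions for the demo.

```python
FILES = {"/etc/passwd": "root:x:0:0", "/home/me/project.foo": "my data"}  # constructed

class PromptingOS:
    """Prompt model, as in the pseudocode above: the app names any path and the OS
    asks the user. The app decides how often to ask, which is what enables nagging."""
    def __init__(self, answer):
        self.answer = answer   # answer(path, attempt) -> bool, the user's reply
        self.prompts = 0

    def open_with_prompt(self, path):
        self.prompts += 1
        if not self.answer(path, self.prompts):
            raise PermissionError(path)
        return FILES[path]

def nagging_app(os_, path):
    """Same shape as the while(!fh3) loop above: keep asking until the user gives in."""
    while True:
        try:
            return os_.open_with_prompt(path)
        except PermissionError:
            pass

class Powerbox:
    """Capability model: the app never names a path. The OS opens its own dialog only
    after a real user gesture and hands back just the file the user picked."""
    def __init__(self, choose):
        self.choose = choose   # choose(purpose) -> path the user picked, or None
        self._gestures = set()

    def user_clicks(self):
        token = object()       # minted by the OS input stack; the app cannot forge it
        self._gestures.add(token)
        return token

    def pick_file(self, gesture, purpose):
        if gesture not in self._gestures:
            return None        # no click, no dialog: a retry loop has nothing to nag with
        self._gestures.discard(gesture)  # one click opens one dialog
        path = self.choose(purpose)
        return FILES[path] if path else None

def demo():
    """Constructed run: the user refuses twice and caves on the third prompt."""
    nagger = PromptingOS(lambda path, attempt: attempt >= 3)
    leaked = nagging_app(nagger, "/etc/passwd")
    box = Powerbox(lambda purpose: "/home/me/project.foo")  # user picks their own file
    refused = sum(box.pick_file("forged", "Open project") is None for _ in range(5))
    picked = box.pick_file(box.user_clicks(), "Open project")
    return nagger.prompts, leaked, refused, picked
```

Under the prompt model the app reaches the file after three prompts; under the powerbox the five forged attempts never open a dialog, and the one real click yields only the file the user chose.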



