I think we are really conflating "app store distribution" and "the POSIX userland isn't workable in a modern security environment for end-users". This has nothing to do with "stores", and everything to do with the security model and the UI needed to make it work. POSIX apps run as the user, when they really need to be run with their own identity. Most often we should use the identity of the "developer". Do I want Firefox to have access to my Contacts? My Photos? Do I want Facebook to have that access? To all of them, or just ones that I select? Should my disk utility have the ability to send data over the network? My IDE? My IDE plugins? e.g., when I run `grep -e "Something" -r ~/src`, I assume grep is going to read all of the files in ~/src. But in the basic POSIX environment it can access anything I can (including, say, ~/.ssh) and open up any old socket it wants and send data wherever it chooses. Wouldn't it be nice if bash arranged a read-only capability granted to the grep process for all files under ~/src based on the above command, and if the grep executable itself had no inherent permissions at all? Have you read every line of code of every package you've installed? Rather than relying on 'trust', 2021 requires that we actually have some security model that doesn't rely on trust, but explicit permissions and grants, and workable UI for defining that. Modern security on Linux is hardly dependent on the POSIX security model. Starting with research examples like Qubes, and all the mainstream security efforts in Windows, and ChromeOS.

> Do I want Firefox to have access to my Contacts? My Photos? Do I want Facebook to have that access? To all of them, or just ones that I select? Should my disk utility have the ability to send data over the network? My IDE? My IDE plugins?

It is interesting that you bring up Qubes OS, because its security model doesn't depend on Invisible Things Lab, the Qubes developer, deciding what can or can't run on Qubes OS. It's not a coincidence that Apple, Google and Microsoft's security implementations enshrine each of them as ultimate gatekeeper and single source of truth for security on their respective operating systems. In fact, if a security model depended on a company like Red Hat authorizing what can or can't run on Linux, it would be rightly criticized as Red Hat trying to "own" everything instead of developing a secure system at the OS level. Yet Apple, Google and Microsoft are doing just that. This is because Google and Microsoft want to own everything, as well.
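The "read-only capability for grep" idea from the first post can be approximated today without changing grep at all. The script below is a constructed example, not code from either commenter; it assumes bubblewrap (`bwrap`) is installed and a merged-/usr layout, and shows grep confined to one tree with no network and no view of the rest of $HOME:

```shell
#!/bin/sh
# Constructed example: confine a read-only tool (grep) to a single directory
# with bubblewrap. Assumes bwrap is installed and binaries live under /usr.

# Print, one per line, the bwrap flags that grant read-only access to "$1" and
# nothing else from the user's files. --unshare-all gives fresh user/pid/net/ipc
# namespaces, so the child has no network and cannot see other processes;
# --new-session stops it injecting keystrokes into the parent terminal.
confine_args() {
    printf '%s\n' \
        --unshare-all --new-session --die-with-parent \
        --ro-bind /usr /usr \
        --symlink usr/bin /bin --symlink usr/lib /lib --symlink usr/lib64 /lib64 \
        --ro-bind-try /etc/ld.so.cache /etc/ld.so.cache \
        --proc /proc --dev /dev --tmpfs /tmp \
        --ro-bind "$1" "$1" --chdir "$1"
}

# Run COMMAND... with read-only access to DIR only.
# Usage: run_confined DIR COMMAND [ARGS...]
run_confined() {
    dir=$1; shift
    old_ifs=$IFS; IFS='
'
    set -f                       # no globbing while splitting the flag list
    # shellcheck disable=SC2046
    set -- $(confine_args "$dir") -- "$@"
    set +f; IFS=$old_ifs
    bwrap "$@"
}

# Self-check: grep finds a match inside the granted tree, but a file placed
# right next to that tree simply does not exist inside the sandbox.
demo() {
    top=$(mktemp -d) || return 1
    mkdir "$top/src" && printf 'needle\n' > "$top/src/a.txt"
    printf 'secret\n' > "$top/outside.txt"
    ok=0
    run_confined "$top/src" grep -rl needle . | grep -q 'a.txt' &&
        ! run_confined "$top/src" cat "$top/outside.txt" 2>/dev/null && ok=1
    rm -rf "$top"
    [ "$ok" = 1 ]
}
```

Compare with the same `grep -r` run unconfined, which can read ~/.ssh and open any socket it likes; the only thing that changed here is which capability the shell handed the process.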