> I think desktop-style devices are going more in the direction of being personal.

For many people you're probably right. I do think that there's tremendous value in segmenting out one's various personæ. There's no particularly good reason why I should give a binary game blob access to the same user data that contains my financial data, passwords &c. A finer-grained system would be nice, no doubt, but OS users are pretty time-tested.

> Maybe someone else here has already thought about it and can put it into writing?

Well, in principle capabilities systems can do a lot of this already. As myself, I can give a capability to a server, and it can use that capability to execute work on my behalf; once I've received the result, I can (presumably) revoke that capability. Capabilities can even be used to implement filesystems: my process might have a filesystem root capability, which permits it to see a single directory, which is itself a list of capabilities to directories and files, &c. Pretty neat stuff. There's been some interesting work with capabilities done in EROS, its successor Coyotos & Tahoe-LAFS. I skimmed your thesis—really interesting work!
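The capability-based filesystem sketched in the comment above, as an added toy model (not code from the thread, and not from EROS, Coyotos or Tahoe-LAFS): a process holds a `DirCap` that reaches only one directory and whatever capabilities that directory leads to; a capability can be delegated in attenuated (read-only) form and later revoked, and revoking a capability also kills everything derived from it. All class and function names here are invented for the illustration, and the directory contents are constructed sample data.

```python
"""Toy object-capability filesystem: attenuation, delegation and revocation.

Added illustration only. Names (DirCap, FileCap, delegate, ...) are made up
for this example; real capability systems do not share this API.
"""
from __future__ import annotations

from dataclasses import dataclass, field


class Revoked(Exception):
    """Raised when a revoked capability, or one derived from it, is used."""


class _Revoker:
    def __init__(self) -> None:
        self.revoked = False


@dataclass
class FileNode:
    data: bytes


@dataclass
class DirNode:
    # name -> FileNode | DirNode
    entries: dict[str, object] = field(default_factory=dict)


class FileCap:
    def __init__(self, node: FileNode, revokers: list[_Revoker], writable: bool) -> None:
        self._node, self._revokers, self._writable = node, revokers, writable

    def _check(self) -> None:
        # A capability is dead if any revoker in its derivation chain fired.
        if any(r.revoked for r in self._revokers):
            raise Revoked("capability revoked")

    def read(self) -> bytes:
        self._check()
        return self._node.data

    def write(self, data: bytes) -> None:
        self._check()
        if not self._writable:
            raise PermissionError("read-only capability")
        self._node.data = data


class DirCap:
    """Authority over exactly one directory and what it contains; no '..'."""

    def __init__(self, node: DirNode, revokers: list[_Revoker] | None = None, writable: bool = True) -> None:
        self._node, self._revokers, self._writable = node, list(revokers or []), writable

    def _check(self) -> None:
        if any(r.revoked for r in self._revokers):
            raise Revoked("capability revoked")

    def list(self) -> list[str]:
        self._check()
        return sorted(self._node.entries)

    def open(self, name: str):
        # Only names stored in this directory resolve: there is no path syntax,
        # so a holder cannot climb out of the subtree its capability covers.
        self._check()
        if "/" in name or name in (".", ".."):
            raise ValueError("capabilities resolve single names only")
        entry = self._node.entries[name]  # KeyError if unreachable
        if isinstance(entry, DirNode):
            return DirCap(entry, self._revokers, self._writable)
        return FileCap(entry, self._revokers, self._writable)

    def mkdir(self, name: str) -> None:
        self._check()
        if not self._writable:
            raise PermissionError("read-only capability")
        self._node.entries[name] = DirNode()

    def create_file(self, name: str, data: bytes) -> None:
        self._check()
        if not self._writable:
            raise PermissionError("read-only capability")
        self._node.entries[name] = FileNode(data)

    def delegate(self, writable: bool | None = None):
        """Derive a capability to hand to another party, plus a revoke callback.

        The child can never be more powerful than its parent, and it carries
        the parent's revokers as well as a fresh one of its own.
        """
        self._check()
        child_writable = self._writable if writable is None else (writable and self._writable)
        r = _Revoker()
        child = DirCap(self._node, self._revokers + [r], child_writable)

        def revoke() -> None:
            r.revoked = True

        return child, revoke


def demo() -> dict:
    """Walk through the scenario from the comment with constructed sample data."""
    home = DirCap(DirNode())
    home.mkdir("finance")
    home.open("finance").create_file("ledger.txt", b"balances")  # constructed
    home.mkdir("game")
    home.open("game").create_file("save.dat", b"level 3")  # constructed

    results: dict = {}
    # The game blob gets a capability to its own directory only.
    game_cap, revoke_game = home.open("game").delegate()
    results["game_sees"] = game_cap.list()
    try:
        game_cap.open("finance")
        results["reach_finance"] = "allowed"
    except LookupError:
        results["reach_finance"] = "denied"

    # A helper server gets a read-only view, does its work, and is cut off.
    ro_cap, revoke_ro = game_cap.delegate(writable=False)
    results["ro_read"] = ro_cap.open("save.dat").read()
    try:
        ro_cap.open("save.dat").write(b"tampered")
        results["ro_write"] = "allowed"
    except PermissionError:
        results["ro_write"] = "denied"
    revoke_ro()
    try:
        ro_cap.list()
        results["after_revoke"] = "usable"
    except Revoked:
        results["after_revoke"] = "revoked"

    # Revoking the game's capability also kills anything derived from it.
    derived, _ = game_cap.delegate(writable=False)
    revoke_game()
    try:
        derived.list()
        results["derived_after_parent_revoke"] = "usable"
    except Revoked:
        results["derived_after_parent_revoke"] = "revoked"
    results["owner_still_works"] = home.open("game").list()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The point the model makes explicit is that authority flows only along the capability graph: there is no ambient "the current user can read everything" check, the game's capability cannot name the finance directory at all, and the holder who delegated a capability keeps the means to revoke it without affecting their own access. Real systems implement revocation differently (indirection objects, epoch counters), but the shape of the guarantee is the same.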
Mmmhmm. From what I understand, Android runs each Android application on the system as its own user and handles application permissions by making each permission its own group. Linux's user isolation is pretty good.
Other than lack of manpower and lack of interest, there's no reason why a Linux distro couldn't put in the medium-to-large amount of work it would take to make wrappers to do similar things for their most popular Linux applications. :)