Hacker News
by mikewarot 1630 days ago
> Are the security systems that weak?

YES, by design.

Unix is modeled on trusting the user, and thus trusts anything the user runs. There is no mechanism for a Unix user to (easily) specify that X should run with files Y and Z. Everything is a variation of this security model: Linux, Windows, MacOS.

There are systems that trust nothing except the kernel. There are kernels that are mathematically proven to meet their specifications. There are operating systems being built on top of these "microkernels". With these systems, you'll be able to run anything with files Y and Z, and be reliably certain that no other files or resources will be affected. This model is called capability based security.

Smartphones have a very crude (almost unusable) version of this when you tell an "app" that it can access your phone, or contacts, etc. This is not what a fine-grained capability system is like, and in fact is the worst possible example. (Sometimes I suspect the NSA put this into use to discourage threads that might lead to actually secure computing for the masses.)

The closest we came to a reasonably secure computer for the masses was an IBM PC/XT with dual floppy drives running MS-DOS. The hardware enforced write-protect on diskettes, so it was possible to have the same crude but usable capability system in terms of access to a diskette's worth of data, read or read/write at your discretion.

It saddens me greatly to think that 1984 might have been the high water mark of secure general purpose computing, but so far it is.
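As an added illustration (not part of the post above, and not code from any of the systems it mentions), here is a small Python model of the object-capability discipline the comment describes: the untrusted routine is handed handles for Y and Z and nothing else, a handle can be attenuated to read-only (the floppy's write-protect tab) and can be revoked by whoever granted it. The names `Disk`, `FileCap`, `untrusted_program` and the sample file contents are invented for this example. Plain Python is not a capability-safe language, so this models the pattern rather than enforcing it against hostile code; real enforcement needs kernel or language support of the kind the comment alludes to.

```python
# Added example, not from the original post: an object-capability model of
# "run X with files Y and Z". The untrusted routine receives handles, never a
# path or a root object, so the only files it can reach are the ones handed to
# it. Read-only handles play the role of the PC/XT's write-protect tab.
# NOTE: Python is not capability-safe; this models the discipline, it does not
# enforce it against a module that pokes at private attributes.


class Revoked(Exception):
    """Raised when a handle is used after its grantor revoked it."""


class FileCap:
    """Capability to one file on a Disk. Holding the object *is* the permission."""

    def __init__(self, disk_store, name, writable):
        self._store = disk_store   # the program gets the cap, never the store itself
        self._name = name
        self._writable = writable
        self._alive = True

    def read(self):
        self._check()
        return self._store[self._name]

    def write(self, data):
        self._check()
        if not self._writable:
            raise PermissionError(f"{self._name}: write-protected")
        self._store[self._name] = data

    def read_only(self):
        """Attenuate: derive a strictly weaker capability (flip the write-protect tab)."""
        self._check()
        return FileCap(self._store, self._name, writable=False)

    def revoke(self):
        """Grantor-side kill switch; every later use of this handle raises Revoked."""
        self._alive = False

    def _check(self):
        if not self._alive:
            raise Revoked(self._name)


class Disk:
    """Trusted owner of the files. Only it can mint capabilities."""

    def __init__(self, files):
        self._files = dict(files)

    def grant(self, name, writable=False):
        if name not in self._files:
            raise FileNotFoundError(name)
        return FileCap(self._files, name, writable)

    def contents(self, name):
        return self._files[name]


def untrusted_program(src, dst):
    """Simulated 'X': given a read cap for Y and a write cap for Z, copies Y into Z
    uppercased. It holds no name for any other file and no reference to the Disk."""
    dst.write(src.read().upper())
    return True


def run_demo():
    # Constructed sample data; these are not real files.
    disk = Disk({"Y": "hello", "Z": "", "SECRET": "keep-out"})
    y = disk.grant("Y")                    # read-only
    z = disk.grant("Z", writable=True)     # read/write "at your discretion"
    untrusted_program(y, z)

    results = {"z_after": disk.contents("Z"),
               "secret_untouched": disk.contents("SECRET")}

    # Attenuation: a read-only view derived from z refuses writes.
    try:
        z.read_only().write("x")
        results["attenuated_write"] = "allowed"
    except PermissionError:
        results["attenuated_write"] = "refused"

    # Revocation: the grantor pulls Z back; the program's handle goes dead.
    z.revoke()
    try:
        z.read()
        results["after_revoke"] = "still usable"
    except Revoked:
        results["after_revoke"] = "revoked"
    return results


if __name__ == "__main__":
    print(run_demo())
```

The point of the shape is that `untrusted_program` never sees a file name or the `Disk`: authority flows only through the objects it is handed, which is what lets the grantor reason about "no other files will be affected" without inspecting X.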

1 comment

Wow. It does feel sad to realise that 1984 was the last time we had the most secure computing. The reality is that, when new pastures were opened for new features, new "security measures", etc., we just find ourselves more exposed than we were yesterday. As we move forward with the search for new advanced technologies, we realise that even the simplest of systems are not completely secure. The race to be the best has driven everyone to find the next best tech, but we just increase potential loopholes while moving in the search for fantastic new tech.