Hacker News new | ask | show | jobs
by pjc50 601 days ago
> In a single-user environment, where malware is the biggest concern in current times, what difference does it make if it's a process running under a different user or one that is running under your current user that is attacking you?

Very true, and this is a real weakness of the UNIX (and Windows, even worse!) style security model in the modern environment. Android/iOS do a lot better.
2 comments
marcosdumay 600 days ago
> Android/iOS do a lot better.

They would if they were designed with the user's security in mind, instead of Google's/Apple's control.

But I disagree, they don't do better at all. Any software that wants to get access to everything just needs to insist.

link
anthk 600 days ago
Check pledge/unveil under OpenBSD. You get isolated software yet with freedoms.
link
marcosdumay 600 days ago
I've recently packed some Linux software in flatpak. It's surprisingly good.

Not as good as a real capability-based access control, but quite good compared to the other things that are usable on Linux.

link
pxc 600 days ago
Why are capabilities restrictions not the norm when the concept is so old and seemingly so sound?
link
marcosdumay 599 days ago
Linux doesn't have a good capability system.

And no good system makes it into Linux because it has a huge, well supported one, and some 3 other candidates pushing to get there already.

link
pxc 597 days ago
So something crummy but usable-enough for experts (SELinux?) worse-is-better'd its way onto the Linux scene, and now it has matured enough that on the one hand it can't be displaced but on the other its model is ossified and can't be untangled or simplified. Makes sense.

I love Linux and many of the fruits of its messy evolution, but such fruits are certainly not all equally delicious. :(

link
pjc50 599 days ago
They're really annoying to use.

Also the "UNIX ideal" is composable tools, which doesn't combine very well with any kind of sandboxing.

link
marcosdumay 599 days ago
The thing about capabilities is that they compose very well.
link
int_19h 600 days ago
"Modern" Windows apps actually have a sandbox (which includes a private temporary folder), and require permissions to access pretty much anything outside. This is all implemented in terms of the existing Win32 security model, fundamentally.

In principle, there's nothing precluding e.g. having a separate user per app on Linux, either...

link