by simondotau 68 days ago
From the operating system’s perspective, everything is the user. Or everything is an app developer. Depends on perspective. Disambiguating reliably, in a way you’d consider reasonable, is not trivial (and arguably impossible).
Phone-style isolation is more like giving each app a separate user account. With that level of isolation and robust permissions, apps can do very little "on your behalf".

How do you do anything on a computer that’s not via an app of some description? Do you make arbitrary exceptions for the likes of zsh and chmod? How does the OS know that chmod was knowingly run by the user, and not by some “sudo wget” exploit?
> How do you do anything on a computer that’s not via an app of some description? Do you make arbitrary exceptions for the likes of zsh and chmod? How does the OS know that chmod was knowingly run by the user, and not by some “sudo wget” exploit?

I'm not sure what the purpose of the question is, because a unixy command line doesn't use phone-style permissions. I didn't say everything works this way.

If I installed Photoshop with phone-style permissions, it wouldn't be able to invoke chmod and wouldn't even be able to access my downloads folder.

(Trying to tighten down a command line shell ends up being a tangent, but the short answer is that zsh itself would need to be trusted and hardened, and wget would not be allowed to run chmod. When it comes to downloading a script and then running that script on purpose, you probably just have to accept that doing so bypasses the permission system. Thankfully I very rarely need to do something like that.)

So you installed a text editor and wanted to edit /etc/hosts. Should the OS permit you to save your changes or not?

Now what should happen if the text editor decides to modify /etc/hosts without your knowledge?

The secure answer is that the OS gives you a trusted file picker and it grants access to that specific file to the text editor.

This works better with a GUI, but you can adapt it to a console too.

> Now what should happen if the text editor decides to modify /etc/hosts without your knowledge?

Pop up a UAC prompt of course. It worked so well for Vista.

I'm not sure I fully understand you. All those OSes try very, very hard to disambiguate between apps and the user itself?

A program touches a system file. Is it due to its own logic, or is it your editor saving a file?

Pretend you’re the operating system for a moment. What does “the user” look like, if not an app doing things?