[Dylan16807]

Phone-style isolation is more like giving each app a separate user account. With that level of isolation and robust permissions, apps can do very little "on your behalf".

[simondotau]

How do you do anything on a computer that’s not via an app of some description? Do you make arbitrary exceptions for the likes of zsh and chmod? How does the OS know that chmod was knowingly run by the user, and not by some “sudo wget” exploit?

[Dylan16807]

> How do you do anything on a computer that’s not via an app of some description? Do you make arbitrary exceptions for the likes of zsh and chmod? How does the OS know that chmod was knowingly run by the user, and not by some “sudo wget” exploit?

I'm not sure what the purpose of the question is, because a unixy command line doesn't use phone-style permissions. I didn't say everything works this way.

If I installed photoshop with phone-style permissions, it wouldn't be able to invoke chmod and wouldn't even be able to access my downloads folder.

(Trying to tighten down a command line shell ends up being a tangent, but the short answer is that zsh itself would need to be trusted and hardened, and wget would not be allowed to run chmod. When it comes to downloading a script and then running that script on purpose, you probably just have to accept that doing so bypasses the permission system. Thankfully I very rarely need to do something like that.)

[selcuka]

So you installed a text editor and wanted to edit /etc/hosts. Should the OS permit you to save your changes or not?

Now what should happen if the text editor decides to modify /etc/hosts without your knowledge?

[Dylan16807]

The secure answer is that the OS gives you a trusted file picker and it grants access to that specific file to the text editor.

This works better with a GUI, but you can adapt it to a console too.

[lmz]

> Now what should happen if the text editor decides to modify /etc/hosts without your knowledge?

Pop up a UAC prompt of course. It worked so well for Vista.