by ryanjshaw
59 days ago
This doesn’t solve the problem either, which is that of the Confused Deputy [1]. An arbitrary piece of code I’m downloading shouldn’t be able to run as Ryan by default with access to everything Ryan has. We need to revitalize research into capabilities-based security on consumer OSs, which AFAIK is the only thing that solves this problem. (Web browsers - literally user “agents” - solve this problem with capabilities too: webapps get explicit access to resources, no ambient authority to files, etc.) Solving this problem will only become more pressing as we have more agents acting on our behalf.

[1] https://en.wikipedia.org/wiki/Confused_deputy_problem
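
The difference between ambient authority and capabilities that the comment above refers to, as an added example that is not part of the original comment. `Principal`, `deputy_ambient` and `deputy_capability` are hypothetical names, and the directory-based permission check is a constructed stand-in for OS access control.

```python
import os
import tempfile

class Principal:
    """Constructed stand-in for an OS user: a name plus writable directories."""
    def __init__(self, name, writable_dirs):
        self.name = name
        self.writable_dirs = [os.path.realpath(d) for d in writable_dirs]

    def open_for_write(self, path):
        # The authority check is made against *this* principal's rights.
        real = os.path.realpath(path)
        if not any(os.path.commonpath([real, d]) == d for d in self.writable_dirs):
            raise PermissionError(f"{self.name} may not write {path}")
        return open(real, "w")

def deputy_ambient(deputy, out_path, data):
    # Confused deputy: the caller only names a path; the deputy opens it
    # with its OWN authority, so the caller borrows the deputy's rights.
    with deputy.open_for_write(out_path) as f:
        f.write(data)

def deputy_capability(out_file, data):
    # Capability style: the deputy gets an already-open handle and cannot
    # reach anything the caller was not able to open itself.
    out_file.write(data)

def demo():
    root = tempfile.mkdtemp()
    svc_dir, user_dir = os.path.join(root, "svc"), os.path.join(root, "user")
    os.mkdir(svc_dir)
    os.mkdir(user_dir)
    billing = os.path.join(svc_dir, "billing.log")  # constructed sample file
    with open(billing, "w") as f:
        f.write("invoice-1\n")
    deputy = Principal("deputy", [svc_dir, user_dir])
    caller = Principal("caller", [user_dir])
    # Ambient authority: the caller points the deputy at the deputy's own file.
    deputy_ambient(deputy, billing, "debug output\n")
    with open(billing) as f:
        clobbered = f.read() == "debug output\n"
    # Capability: the caller must open the target itself, so the request fails.
    try:
        deputy_capability(caller.open_for_write(billing), "debug output\n")
        blocked = False
    except PermissionError:
        blocked = True
    return clobbered, blocked

if __name__ == "__main__":
    print(demo())
```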