| lol, ok lets break this down Barney style: Converting sunlight to electricity is a solved problem. The "energy crisis" remains unsolved. Jailing processes is a solved problem. Preventing users from shooting themselves in the foot remains unsolved. Now let us reexamine the post: > ...would be a helpful thing to build into modern operating systems... Already built in. > Why can’t we also have something analogous where different files or other system resources are only accessible to applications that have been approved for that access? We do. Solved problem. Now if we want to prevent users from shooting themselves, that is a different problem. That last paragraph sure makes it sound like the writer is unaware of these solution's existence... but let us suppose that he knows about them and is coming at it from your perspective. In that case I agree, we don't have a solution in place - and I'd love to see one in common use. I'd think you'd be able to implement such a system through package management for the majority of software, an added chroot step. That is why I included distro and application devs in those that share blame for the problem. Users are also included, to a smaller degree, because this is a known problem with a known solution. |
Some systems mentioned in this HN discussion are closer to the kind of model I had in mind. As other posters have pointed out, the difficulty is how you structure a system so that it is reasonably effective by default but still usable by non-experts. I believe we could achieve this — or at least get much closer than the typical security models we use at the moment — but it will surely take a lot more thought and experimentation than we have attempted as an industry so far. Microsoft’s UAC mechanism makes an interesting case study here: it was fundamentally a reasonable idea, but the first implementation proved too intrusive for average users to tolerate and lost much of its effectiveness as a result.