Re: More desktop security thoughts (was Re: GNOME privilege library)

[Mike Hearn <mike navi cx>]

On Thu, 13 Jan 2005 17:15:46 -0800, George Farris wrote:
> Which strikes me as a great way for some misbehaving process to walk
> through everyones files and do bad things.  Users most probably don't
> know what to protect by default.  I think your view is maybe a little
> scary but I'm going to keep an open mind.  Carry on.

OK then, seeing as you asked for it :)

This is the same thing as my reply to Havoc. Where does this misbehaving
process come from? Well, it could be:

- A buggy app. Bugs happen. If a bug happens in X or the kernel or the
  filesystem driver then the system is toast anyway so we shouldn't be
  designing the desktop around buggy apps. MAC like SELinux can provide
  a nice safety net against accidentally mistakes like this anyway.

- A deliberately malicious app. How did it get on the system?

    - Social engineering. See distributed whitelist/SSL discussion in
      my reply to Havoc
    - Virus that broke in via exploits in network daemon/mail reader/web
      browser whatever. 

      Solution: make it harder for viruses to break in. Use MAC to
      provide damage control in the case of exploits.

Are there any cases where a misbehaving process would do bad things to
everybodies files? Not sure, but I can't think of any at the moment.

thanks -mike