Re: More desktop security thoughts (was Re: GNOME privilege library)
- From: Mike Hearn <mike navi cx>
- To: desktop-devel-list gnome org
- Subject: Re: More desktop security thoughts (was Re: GNOME privilege library)
- Date: Fri, 14 Jan 2005 14:43:34 +0000
On Fri, 14 Jan 2005 07:58:59 -0500, Larry W. Virden wrote:
> But, with every user having the ability to do what every they want, the ability to
> do damage out of ignorance or by mistake must never be underestimated...
If we ignore the command line then the UI should not expose ways of
utterly trashing the system. Period. End of story.
If you think about consumer electronics that have been successful and
taken off, one running theme is that they're predictable and safe. TiVo,
iPod etc - none of these devices allow you to arbitrarily destroy them by
feeding it bad input.
GNOME should be the same. Obviously if somebody opens up the command line
and does rm -rf / then it's game over. But why would they do that if the
GUI offers them everything they need?
Right now GNOME is heading in the right direction: the UNIX fs only leaks
out in a few places and it's generally well hidden. MacOS X actually takes
it a step further, you can't access it at all from the UI as far as I'm
There aren't many places in GNOME where giving it bad input can break it.
Maybe the session manager, maybe GConf.
Unfortunately Linux itself is pretty much the polar opposite: it's trivial
to render many distros unbootable simply by following instructions or even
by applying automatic security updates! And if you think about it, it's
not surprising that these urban legends of people deleting the kernel to
clean things up are around: what other device *apart* from a desktop
computer mixes up personal user-owned stuff with implementation details?
] [Thread Prev