security, permission models (was: Re: Nautilus integration with SELinux)

On Wednesday, 01.03.2006, at 13:22 -0500, Ivan Gyurdiev wrote:
> The ordinary user does care about security - ask any Windows user who 
> has had trouble with viruses.

No, he doesn't. He hates the virus, but his aim is that he just doesn't
have to care about security, i.e. security should be guaranteed
automagically without having to deal with it.

Look how naively and obviously people often enter the secret numbers of
their credit cards. People are often unaware how simple it is to harvest
CC numbers and passwords.

There is a reason why most passwords can be cracked using dictionary
attacks, when the dictionary is adapted to the cultural background of
the victims. People prefer laziness over security.

We as programmers can force people to use some minimum level of security
(login passwords), and try to eliminate as many exploitable leaks as

It's the task of media to make people aware of security, activists just
can't reach enough people.

As of writing, SELinux is an interesting security approach, because it
tries to combine some of the MLA aspects with the traditional UNIX
permission model, but it doesn't offer anything for the mass market,
because it's limited to /etc foo, i.e. tied to the OS/host instead of
also having some of the connectivity needs of people in scope.

Something fundamentally new would be:

I'd like to be able to tag a file as "All", and have it available
through a sharing service to all people knowing my ID, and all people
logged in on my system in a "Shared Resources" listing. Another tag
"Family" would allow my family to authenticate themselves with their ID
on the sharing service, on my local host or through Samba and have the
documents right on their machine.
Sort of cross-OS/machine ACLs that try to be both secure and seamless,
which is really high-hanging fruit.

Christian Neumair <chris gnome-de org>
