
The MS-DOS Security Model - r11t
http://theinvisiblethings.blogspot.com/2010/08/ms-dos-security-model.html
======
smallblacksun
"[Yes, I know, the user accounts allows also to theoretically share a single
desktop computer among more than one physical users (also known as: people),
but, come on, these days it's that a single person has many computers, and not
the other way around.]"

This is a great example of tech people falsely generalizing their experience
and habits to those of non-tech people. There are many, many families with one
computer that the entire family shares.

~~~
count
True, but those people are generally screwed from a security perspective
anyways.

~~~
pjscott
That becomes hilariously obvious if you look at the great lengths to which
people go to hide their porn stashes on a shared computer:

<http://tvtropes.org/pmwiki/pmwiki.php/TroperTales/PornStash>

My favorite is the guy who uses the Purloined Letter method: he just keeps it
on the desktop in a folder named "New Folder". Though some people's obfuscated
unicode path name tricks are pretty nice, too.

------
jedberg
I was kind of expecting this to link to a blank page. I was pleasantly
surprised to find a very logical and coherent article.

------
skybrian
Android is the only mainstream OS I know that does better than this. Are there
any others?

~~~
alanh
I’m not sure whether the architecture prevents it or not, but certainly the
App Store rules prevent you from dicking around with other apps or their data
on the iPhone. I would also guess automated tests look for violations of this
rule.

------
wnoise
"sandbox -X" (writeup at <http://danwalsh.livejournal.com/31146.html> ) does
in fact let you isolate various applications.

------
Yaggo
Wouldn't surprise me if future versions of OS X adopted sandboxed applications
à la iOS.

~~~
Groxx

    man sandbox

Since 10.5. Many applications don't use it, however. But if you're going to be
running remote code (i.e., your application has a plugin architecture), you can
use this to make things as secure as you desire. And, if I remember right,
Apple's own software is sandboxed (i.e., Pages, etc.).
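
As an added illustration of what this comment points at (not code from the thread, from Apple, or from the article's author): a minimal default-deny profile for `sandbox-exec` that confines a hypothetical dive-log plugin host to its own data directory, the app-level isolation the user-account model lacks. The binary path and data directory are assumptions supplied with `-D`, and a real host will usually need a few more allow rules, which the default-deny surfaces as denials in the system log rather than as silent access.

```scheme
;; divelog-plugin.sb (hypothetical file name)
;; Load with:
;;   sandbox-exec -D HOST_BIN=/Applications/DiveLog.app/Contents/MacOS/plugin-host \
;;                -D DATA_DIR="$HOME/Library/Application Support/DiveLog" \
;;                -f divelog-plugin.sb "$HOST_BIN"
;; Both -D values are assumptions for this example, not real paths.
(version 1)

;; Everything not explicitly allowed below is denied. This is what turns a
;; process running as "you" into a process that can only touch its own data.
(deny default)

;; Bare minimum to get a process started: loader, shared cache, frameworks.
(allow file-read-metadata)
(allow file-read* (subpath "/usr/lib")
                  (subpath "/private/var/db/dyld")
                  (subpath "/System/Library/Frameworks"))

;; Let the sandboxed process exec the plugin host itself and nothing else.
(allow process-exec (literal (param "HOST_BIN")))
(allow process-fork)
(allow sysctl-read)

;; The plugin host may read and write only its own data directory. Other
;; apps' files under the same $HOME remain denied even though the kernel's
;; uid/gid checks alone would permit them.
(allow file-read* file-write* (subpath (param "DATA_DIR")))

;; No network in either direction: a plugin that phones home is denied, and
;; the denial is logged, instead of quietly succeeding.
(deny network*)
```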

------
JoachimSchipper
X (which sucks in many ways) does have a security extension (which isolates X
clients from each other); a lot of applications don't work with it, but this
problem _has_ been considered.

Frankly, I was expecting this to be a pro-DAC (SELinux/grsecurity/TrustedBSD)
article.

------
TorKlingberg
> But, hey, why this little, made by nobody-knows-who, dive application should
> be given unlimited access to all your personal files, work email, bank
> account, and god-know-what-else-you-keep-on-your-laptop?

This problem is largely getting solved, by web applications. Make little
applications in the form of websites, and people can use it safely as long as
the web browser does not have a security hole.

Running different applications as different users on a desktop machine is too
much trouble anyway.

~~~
gloob
_Make little applications in the form of websites, and people can use it
safely as long as the web browser does not have a security hole._

In practice this means: "Make little applications in the form of websites, and
people cannot use it safely."

------
wazoox
I don't understand. Most things this article pretends are simply wrong: every
application does NOT have access to every file on a Linux or Mac OS X computer;
several people DO share the same computer using different accounts; obviously
the writer's POV is distorted by her strange obsession with virtualization
and a (faked?) complete misunderstanding of the modern OSes' security model.

I would like to be able to downvote this stupid rant :)

~~~
Lagged2Death
The article doesn't make the statement you're negating. The article points out
(and as far as I understand, it's quite right) that a process run in a
particular user's context generally has full control of all files associated
with that user's context.

~~~
wazoox
Indeed, and apparently this makes sense with applications as they are today.
Running each app in its own container, virtualisation-style, wouldn't be
usable.

------
ez77
I don't understand her claims about universal access to all files (as in
rwx?). Not everyone is a sudoer in Linux, for instance.

~~~
vladd
Any application that you choose to download and run with your Linux user
account has access to all the files (data) of all other apps; the only
isolation is at the user level (the rwx that you mention), not at the app
level.

It's not reasonable to expect non-technical people to create a user account
for each app they want to download and use from the Internet.

------
acon
Chrome is taking some steps to improve this with its sandboxing and principle
of least authority for its many processes. It will be interesting to see how
this translates to a full operating system when Chrome OS is released. I hope
it will push other operating system developers to improve along this axis.

------
limmeau
You could try to isolate X applications from each other by having each run in
its own nested X server like Xephyr.

------
rubinelli
> no doubt you will want to have some dive log manager application to store
> the history of your dives on a computer

I'm sure there are some very nice web apps for that out there. I don't install
programs I don't intend to run at least weekly anymore, with very few obvious
exceptions.

------
geoffbp
Initially I thought "The Invisible Things" was referring to the security model.

