But this only makes the other platforms, ignored platforms, not more secure. See what is happening to Mac OS X, now that it has a user base big enough to attract attention. Or how easy it is to hack certain Android mobile phones.

And let's not forget, if the operating system does not make use of proper sandboxing, an owned process will have all the rights of the user account it runs under. This is enough to make your "My Documents", $HOME, /Users/username visible to the world.

We will only get more secure OSs when the mainstream OSs finally adopt microkernel architectures, with enforced sandboxing for all applications.

Additionally, moving away from C to more strongly typed languages without buffer overflows by design would help reduce the number of attack vectors. Of course, once you can manipulate assembly, the language used to compile the code does not matter that much. So my last remark can be compensated by making static analysis tools part of the standard compiler toolchain.

The problem with all these approaches that try to add sandboxing functionality to existing OSs is that sandboxing is only useful if users and developers are aware of its existence and ready to deal with it.

We have billions of Windows users out there who have been trained for decades to give root access to any "installer" program. How are Microsoft supposed to teach them that they should now be wary of such behaviour and expect a fine-grained description of what the program is up to?

Same thing for all these Mac users that know for sure that "If that Flash installer from wants to make changes to my computer and displays a window with a lock on it, I should sure give it my password!"

And then you have Fedora and iOS, which completely fail to understand what sandboxing is about and hide its existence away from users altogether… It is also just too bad that all too often, OS manufacturers also use it to force some locked-down "application store" down users' throats, making a bad name of an otherwise perfectly fine technology among expert users.

Because of this legacy user problem, it seems to me that sandboxing can only be successfully implemented in new OSs or incompatible and rebranded forks of existing OSs.

Even then, it won't be effective. No matter how tightly you sandbox something, you're eventually going to have to give it permission to access something. Whether it's a word processor that you need to let access your documents folders (both local and remote) or a VOIP application that a user wants running on start-up, you will have to give it permission to access something outside of its own resources unless you want to end up like the Apple app stores. That approach works to an extent, but forces a massive inconvenience on more knowledgeable users.

Say I have an audio project which I'm recording. I then want to send portions of it over to an audio editor rather than a multi-track recorder program… oops, can't do that with iOS. Not only do we not have access to the filesystem (which I could live with if I had to) but we can't send a file across to another application.

The long and short of it is that you will never have a perfect security mechanism. When users are involved, you cannot prevent them from doing something stupid. It's rather like various systems of government in that respect: they look great on paper, but then you get people involved and somehow it never turns out as expected.

I think the best approach would be iOS-style sandboxing (notice I did not say having a locked-down app store) but you need to allow either filesystem access or the ability to otherwise share data between applications. The instant you do that, you've essentially broken your sandbox. You have no choice however, if you want a fully-functional, productive environment.