Sortix isn't secure for multiuser yet as of this writing -- so to be up front about it, any user can setuid(2) to root with no check.
Even multiple uids don't help. If the threat model is malicious apps tracking & stealing PI, you need zero view of outside environment.
-
Absolutely. uids just enumerate security contexts (Sortix has 64-bit uid_t). You need strong restrictions on what such users can do.
-
And that's the tricky part.
-
True, but what security model protects against those? At some point you have to give credentials for apps to do their job.