It isn't really easy or exciting. Lots of tech debt. It's just general background work that slowly fixes mistakes.
Replying to @sortiecat @laurentbercot
It's hard to know when one is done making the system secure. Probably never happens.
Replying to @sortiecat @laurentbercot
Truthfully only single users will be using it for now. I look forward to sandboxing and multiuser though.
Replying to @sortiecat @laurentbercot
This isn't necessarily bad. There's an argument to be made that multiuser is obsolete, obsoleted by containers.
Replying to @RichFelker @laurentbercot
Absolutely. I do need account separation to work. But the 1 user = 1 account is a bit outdated now that we run partially trusted apps.
Replying to @sortiecat @RichFelker
Still, I'm doing the traditional thing first, it has predictable results. I'd like to explore other account models though in the future.
Replying to @sortiecat @RichFelker
One of the thoughts I toyed with was subusers, where there's a main user that's like root to a set of subusers. Each app is a subuser then.
Replying to @sortiecat @RichFelker
Yes, I've thought about that model for a while. The Unix account model is insufficient. One person/app/... needs several uids.
Replying to @laurentbercot @sortiecat
Even multiple uids don't help. If the threat model is malicious apps tracking & stealing PI, you need zero view of outside environment.
Replying to @RichFelker @laurentbercot
Absolutely. uids just enumerate security contexts (Sortix has 64-bit uid_t). You need strong restrictions on what such users can do.
2 replies 0 retweets 0 likes
Not even that. All uids still share way too much to be real security contexts. (pid space, filesystem, ...)