2007-07-05

Per-process permissions

I've had the idea to implement per-process permissions for a few years now, but someone on Slashdot expressed the exact same idea as mine in an easy-to-understand way (and got moderated +5 for it...):

Hey, it's time for me to bring out my rant against current Unix/Windows permissions systems! Whee.

OK, here's the short version: it's good that files on modern OSes have access restricted to certain users, but that's not nearly enough. Instead access to files should be further restricted by process so that e.g. Firefox only has permission to read/write to its cache, bookmarks, and download folders and that's it. If you need to upload, it should be forced to use a common API to beg the user for permission to even view uploadable files. Why? Well, exactly to stop this sort of exploit where a trojan promises to do something useful, but actually searches (using fancy new Spotlight and Windows Search, no less!) for files called "my CC#s" to send back to the mothership.

In other words, I think we should Sandbox Everything.

Apparently, SELinux is trying to do something like this, but OS vendors need to find a way to make this whole process seamless and easy, so that I can right click on an application, go to permissions, and say, "This program I will allow to read my home directory, but only write to its own directories; that one I will let write anywhere, but read only itself" and so on.

It will be really hard to implement this in a user-friendly way, but it is clearly the necessary next step in computer security. Apple, Microsoft, and (consumer-oriented) Linux devs should start working on this now.
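The policy model described in the quoted comment, sketched as an added example that is not part of the original post or the Slashdot comment: a default-deny, per-application check with read and write roots plus one-file grants standing in for the "common API" upload picker. The application names, paths and function names are constructed assumptions, and the path handling is lexical only.

```python
import posixpath

HOME = "/home/alice"  # constructed sample home directory

# Constructed per-application policies (directory roots); all paths are assumptions.
POLICIES = {
    # cache, bookmarks and downloads only
    "firefox": {"read": [f"{HOME}/.mozilla", f"{HOME}/Downloads"],
                "write": [f"{HOME}/.mozilla", f"{HOME}/Downloads"]},
    # reads the home directory, writes only its own directory
    "editor": {"read": [HOME], "write": [f"{HOME}/.editor"]},
    # writes anywhere, reads only itself
    "backup": {"read": ["/opt/backup"], "write": ["/"]},
}
GRANTS = set()  # (app, file) pairs the user approved through a file picker


def resolve(path, cwd=HOME):
    """Make path absolute and collapse '.' and '..' lexically.

    Symlinks are not resolved here; a real enforcement point has to do
    that at open time, inside the kernel or a broker process.
    """
    return posixpath.normpath(posixpath.join(cwd, path))


def within(path, root):
    """Component-wise containment, so /a/b-evil is not inside /a/b."""
    root = root.rstrip("/")
    return path == (root or "/") or path.startswith(root + "/")


def user_grant(app, path):
    """Record a one-file read grant, as a trusted picker dialog would."""
    GRANTS.add((app, resolve(path)))


def is_allowed(app, mode, path):
    """Default-deny decision for one access by one application."""
    policy = POLICIES.get(app)
    if policy is None or mode not in policy:
        return False
    full = resolve(path)
    if mode == "read" and (app, full) in GRANTS:
        return True
    return any(within(full, root) for root in policy[mode])
```

Comparing paths only after normalization and only on whole components is what keeps `Downloads/../Documents` and a sibling directory such as `.mozilla-evil` outside the allowed roots.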
