I was trying to transcribe an earlier post by Jim in which he mentioned
some permissions manager work he is working on.

Replies inline.

----- Original Message -----
> From: "lkcl luke" <[email protected]>
> To: "David Chan" <[email protected]>
> Cc: "Jim Straus" <[email protected]>, [email protected], [email protected],
> "Mozilla B2G mailing list" <[email protected]>, [email protected],
> "mozilla dev webapps" <[email protected]>, "Jonas Sicking" <[email protected]>
> Sent: Thursday, March 15, 2012 3:09:36 PM
> Subject: Re: [b2g] OpenWebApps/B2G Security model
> 
> On Thu, Mar 15, 2012 at 9:14 PM, David Chan <[email protected]>
> wrote:
> > I broke this out into its own heading
> > https://wiki.mozilla.org/Apps/Security#Centralized_permissions_manager
> 
>  i'm reading this section... it's very hard to understand the concept
> being proposed.  even the purpose of the proposed "Centralised
> permissions manager" is hard for me to grok, for which i apologise.
> it's particularly confusing for me because i understand how SE/Linux
> works.
> 
>  SE/Linux is fundamentally implemented at kernel level.  any
> significant system call, be it a file/socket operation such as read,
> write, open, ioctl or other such as fork, exec, mmap etc., all of
> these aren't just "allowed", they're audited and controlled... by the
> *kernel*.
> 
>  for proper security - for proper enforcement of permissions - it
> *has* to be implemented at the kernel level.  it just does.  you
> simply can't have security implemented in userspace: you've a
> snowball in hell's chance of calling it "security".
> 

I agree that controls have to be implemented at a low level. This goes
back to the post by SUN Haitao with the various levels / rings. We
could place a permissions manager at level 1, but it is pointless, as
pointed out by you and others. I'll change the heading to say kernel
instead of centralized. If another proposal comes along with the
permissions manager at a different level, we can debate the merits of
that.


>  so from that perspective, proposing the existence of a "centralised
> permissions manager" is a misnomer.  it's the kernel, and that's the
> end of the matter.  (sorry, but it is.  even android implemented
> their security system kernel-side).
> 
>  so i believe you _mayyy_ be referring to a system which helps users
> to interact with granting or denying access to certain features and
> information.
> 
>  parts of the description _may_ be referring to a system which helps
> the developers to *create* the sets of permissions that will end up
> being associated with the app.
> 
>  it is very hard to tell, and i get completely lost when reading the
> bit about "uri signatures".
>


I believe "URI signature" is a term Jim was using to identify an app
requesting the permissions. All permission grants/access should be
able to use this "signature" to identify the app. We briefly
mentioned UUID in another thread, or a hash based off a key. There
needs to be a guarantee that, even if another app spoofed the
identifier, only the real app can prove it owns the identifier.

Jim, is my interpretation correct?


David Chan
>  i must be missing something, for which i apologise.
> 
>  l.
> 
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
