On Thu, 2011-02-17 at 15:24 +, Roger Leigh wrote:
> Yes, but like everything there is a tradeoff. A totally secure system
> is an unusable system. Having to instruct every user how to relax the
> permissions to allow others to access their files, or allow their web
> pages to be visible, is effectively pointless make-work if that was
> what you wanted in the first place. And for most people, I would argue
> that /is/ what is wanted.
You don't want to make it harder for users, but this is where design can
help. If we need to make a system which prevents cross-user file
attacks, then we could fairly easily implement these things:
* Shared Folder, a directory which is available to all users where they
  can put explicitly shared contents (MacOSX does this).
* Make sure shared folders via smb/nfs are accessible, and make it clear
  that this would share files inside the system as much as on the network.
* A program which allows temporary file access to another user's home
  folder after the user has authorised the access.
> Remember that historically, multi-user systems have been about sharing
> and collaboration, not isolation in walled-off prisons. I know which
> type of system I want, and it's not the latter.
Yes, but we don't make it clear that a user's home directory is a
free-for-all with all users. Folder indicators would be useful. But do
users know that they've signed up for this when they installed Ubuntu?
I think it's more likely that Ubuntu users think the data is protected
until the magic time when cross-user file access is demanded and then
it's unprotected for that one instance. Computers are magic after all.
Asking users would be key to answering that.
> 0755 is not inherently insecure. Others can't make any changes, but
> they can look. The only issue here is accidental disclosure of
> information intended to be private.
If public by default is the way we want to go, then why not have a
Private folder by default in the user's home directory? Combined with the
indication emblem in nautilus; this might provide a space for users to
put data. ATM it's too hard to teach users how to secure a folder or
even how to set up an encrypted folder.
Martin,
--
Archive: http://lists.debian.org/1297961716.28341.10.camel@delen
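A worked check for the point argued in this exchange, added here as an example and not anything posted to the thread: with a 0755 home directory, another local user can read any file whose every ancestor directory grants others search permission, so a 0700 "Private" folder shields its contents even when the files inside are left at 0644. The sample home is constructed by the script itself, the folder name follows Martin's suggestion, and the helper names (`perm_of`, `world_readable`, `make_private`, `build_sample_home`) are the example's own. Only POSIX `sh`, `ls`, `find` and `chmod` are used.

```shell
#!/bin/sh
# Added example, not from the thread: audit which files in a home
# directory are effectively readable by other local users, and carve
# out a 0700 "Private" folder. Uses only POSIX sh, ls, find, chmod.
set -eu

# Symbolic mode of one path, e.g. "drwxr-xr-x" (first 10 columns of ls -ld).
perm_of() {
    ls -ld "$1" | cut -c1-10
}

# Paths under $1 that "others" can actually read. A 0644 file is only
# reachable if every directory above it grants others search (x), so a
# directory lacking o+x is pruned together with everything below it.
world_readable() {
    (
        cd "$1" &&
        find . -type d ! -perm -001 -prune -o ! -name . -perm -004 -print
    ) | sort
}

# Create (or fix) a private folder that no other non-root user can enter.
make_private() {
    mkdir -p "$1"
    chmod 0700 "$1"
    perm_of "$1"
}

# Constructed sample home (not real user data). Modes are set explicitly
# so the result does not depend on the caller's umask.
build_sample_home() {
    home=$(mktemp -d)
    chmod 0755 "$home"                      # the mode under discussion
    mkdir "$home/public_html"
    chmod 0755 "$home/public_html"
    printf 'hello\n' > "$home/public_html/index.html"
    printf 'todo\n'  > "$home/notes.txt"
    chmod 0644 "$home/public_html/index.html" "$home/notes.txt"
    make_private "$home/Private" >/dev/null
    printf 'diary\n' > "$home/Private/diary.txt"
    chmod 0644 "$home/Private/diary.txt"    # 0644, yet unreachable: parent is 0700
    printf '%s\n' "$home"
}

# Demonstration run against the constructed home.
sample=$(build_sample_home)
echo "home mode:    $(perm_of "$sample")"
echo "Private mode: $(perm_of "$sample/Private")"
echo "readable by other users:"
world_readable "$sample"
rm -rf "$sample"
```

Run against a real home as `world_readable "$HOME"` to see what the 0755 default exposes; `notes.txt` in the sample shows the accidental-disclosure case Roger describes, while `Private/diary.txt` is absent from the list despite its 0644 mode because the 0700 parent blocks traversal. The system-wide default for new homes on Debian comes from `DIR_MODE` in `/etc/adduser.conf`.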