[79107] in cryptography@c2.net mail archive


Re: One Laptop per Child security

daemon@ATHENA.MIT.EDU (Nicolas Williams)
Thu Feb 8 14:32:25 2007

Date: Thu, 8 Feb 2007 12:42:49 -0600
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: "James A. Donald" <jamesd@echeque.com>
Cc: "Steven M. Bellovin" <smb@cs.columbia.edu>,
        Saqib Ali <docbook.xml@gmail.com>,
        Ivan Krstić <krstic@solarsail.hcs.harvard.edu>,
        Metzdowd Crypto <cryptography@metzdowd.com>
In-Reply-To: <45CAE02C.2070009@echeque.com>

On Thu, Feb 08, 2007 at 06:32:44PM +1000, James A. Donald wrote:
> For many tasks, they have to call upon a small amount of
> trusted code.  For example the normal way an editor
> opens a file is that one gives the editor a file name,
> and the editor, having full user authority to read or
> change any file in the system, plays nice and opens and
> changes *only* that file.   In this OS, instead the
> editor asks trusted code for a file handle, and gets the
> handle to a file chosen by the user, and can modify that
> file and no other.

If this means pop-up dialogs for every little thing an application wants
to do then the result may well be further training users to click 'OK'.

The more complex the application, the harder it is for the user to
evaluate all its access requests (if nothing else due to lack of
time/patience).

As for browsers, you'd have to make sure that every window/tab/frame is
treated as a separate application, and even then that probably wouldn't
be enough.  Remember, the browser is a sort of operating system itself
-- applying policy to it is akin to applying policy to the open-ended
set of applications that it runs.

Nico
-- 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
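The file-handle handoff James describes in the quoted paragraph (editor asks trusted code for a handle, gets the one file the user chose, can touch nothing else), as an added example in Python that is not code from the OLPC project or from anyone in this thread. The `Powerbox` class, the `edit` function and the root-containment check are assumptions of this example, not the design of any real system.

```python
"""Powerbox-style file access: the editor gets a descriptor, never a path."""
import os
import tempfile


class Powerbox:
    """Trusted code: turns the user's pick into a handle for that file only."""

    def __init__(self, root: str):
        self.root = os.path.realpath(root)  # documents the user may choose from

    def choose_file(self, user_choice: str) -> int:
        # realpath() resolves '..' and symlinks before the containment check
        target = os.path.realpath(os.path.join(self.root, user_choice))
        if os.path.commonpath([self.root, target]) != self.root:
            raise PermissionError(f"choice escapes root: {user_choice}")
        # O_NOFOLLOW refuses a symlink swapped in between check and open
        nofollow = getattr(os, "O_NOFOLLOW", 0)
        return os.open(target, os.O_RDWR | nofollow)


def edit(handle: int, text: str) -> str:
    """Untrusted editor: works only on the descriptor it was handed."""
    with os.fdopen(handle, "r+", encoding="utf-8") as f:
        previous = f.read()
        f.seek(0)
        f.write(text)
        f.truncate()
    return previous


def demo() -> dict:
    """Constructed scenario: one permitted file plus one attempted escape."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "notes.txt"), "w", encoding="utf-8") as f:
        f.write("draft")
    outside = tempfile.NamedTemporaryFile("w", delete=False)  # not under root
    outside.write("secret")
    outside.close()
    box = Powerbox(root)
    previous = edit(box.choose_file("notes.txt"), "final")
    refused = False
    try:  # a choice that resolves outside the root must be rejected
        box.choose_file(os.path.relpath(outside.name, root))
    except PermissionError:
        refused = True
    with open(os.path.join(root, "notes.txt"), encoding="utf-8") as f:
        now = f.read()
    return {"previous": previous, "now": now, "escape_refused": refused}
```

The editor code contains no call that takes a path, which is the property the quoted design relies on; the `Powerbox` is the only place where user choice meets ambient filesystem authority.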