One Laptop per Child security

Nicolas Williams Nicolas.Williams at sun.com
Thu Feb 8 13:42:49 EST 2007


On Thu, Feb 08, 2007 at 06:32:44PM +1000, James A. Donald wrote:
> For many tasks, they have to call upon a small amount of
> trusted code.  For example the normal way an editor
> opens a file is that one gives the editor a file name,
> and the editor, having full user authority to read or
> change any file in the system, plays nice and opens and
> changes *only* that file.   In this OS, instead the
> editor asks trusted code for a file handle, and gets the
> handle to a file chosen by the user, and can modify that
> file and no other.

If this means pop-up dialogs for every little thing an application wants
to do then the result may well be further training users to click 'OK'.

The more complex the application, the harder it is for the user to
evaluate all its access requests (if nothing else due to lack of
time/patience).

As for browsers, you'd have to make sure that every window/tab/frame is
treated as a separate application, and even then that probably wouldn't
be enough.  Remember, the browser is a sort of operating system itself
-- applying policy to it is akin to applying policy to the open-ended
set of applications that it runs.

Nico
-- 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
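
The handle-granting pattern described in the quoted text, as an added example that is not part of the original thread or of any OLPC code: a trusted broker opens the one file the user chose and passes the open descriptor to the editor over a Unix socket, so the editor never handles a path. The function names, file names and the socketpair channel are assumptions made for illustration, and the sketch assumes the editor would run in a sandbox with no filesystem access of its own, which this single-process demo does not set up.

```python
import os
import socket
import tempfile


def broker_grant(chan, user_choice):
    """Trusted side: open only the file the user picked and hand over the handle."""
    fd = os.open(user_choice, os.O_RDWR)
    try:
        # SCM_RIGHTS transfer: the receiver gets its own duplicate descriptor.
        socket.send_fds(chan, [b"grant"], [fd])
    finally:
        os.close(fd)  # the broker keeps no reference after the grant


def editor_session(chan, new_text):
    """Untrusted side: receives a descriptor, never a path, and edits through it."""
    _msg, fds, _flags, _addr = socket.recv_fds(chan, 16, 1)
    fd = fds[0]
    try:
        os.ftruncate(fd, 0)
        os.lseek(fd, 0, os.SEEK_SET)
        os.write(fd, new_text)
    finally:
        os.close(fd)


def demo():
    """Constructed scenario: two files exist, the user picks one of them."""
    workdir = tempfile.mkdtemp()
    chosen = os.path.join(workdir, "notes.txt")   # constructed sample file
    other = os.path.join(workdir, "diary.txt")    # constructed sample file
    for path, data in ((chosen, b"old notes"), (other, b"private")):
        with open(path, "wb") as f:
            f.write(data)
    broker_end, editor_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with broker_end, editor_end:
        broker_grant(broker_end, chosen)          # one user choice, one grant
        editor_session(editor_end, b"edited")
    with open(chosen, "rb") as f1, open(other, "rb") as f2:
        return f1.read(), f2.read()


if __name__ == "__main__":
    print(demo())
```

The grant is tied to a single user choice of file, so the number of prompts tracks the number of files the user opens rather than the number of operations the editor performs on them.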


