On Thu, 2011-02-17 at 15:24 +0000, Roger Leigh wrote:
> Yes, but like everything there is a tradeoff. A totally secure system
> is an unusable system. Having to instruct every user how to relax the
> permissions to allow others to access their files, or allow their web
> pages to be visible, is effectively pointless make-work if that was what
> you wanted in the first place. And for most people, I would argue that
> /is/ what is wanted.

You don't want to make it harder for users, but this is where design can help. If we need to make a system which prevents cross-user file attacks, then we could fairly easily implement these things:

* Shared Folder, a directory which is available to all users where they can put explicitly shared contents (MacOSX does this).
* Make sure shared folders via smb/nfs are accessible, and make it clear that this would share files inside the system as much as on the network.
* A program which allows temporary file access to another user's home folder after the user has authorised the access.

> Remember that historically, multi-user systems have been about sharing
> and collaboration, not isolation in walled-off prisons. I know which
> type of system I want, and it's not the latter.

Yes, but we don't make it clear that a user's home directory is a free-for-all with all users. Folder indicators would be useful. But do users know that they've signed up for this when they installed Ubuntu? I think it's more likely that Ubuntu users think the data is protected until the magic time when cross-user file access is demanded, and then it's unprotected for that one instance. Computers are magic after all. Asking users would be key to answering that.

> 0755 is not inherently insecure. Others can't make any changes, but
> they can look. The only issue here is accidental disclosure of
> information intended to be private.

If public by default is the way we want to go, then why not have a Private folder by default in the user's home directory? Combined with the indication emblem in nautilus, this might provide a space for users to put data. ATM it's too hard to teach users how to secure a folder or even how to set up an encrypted folder.

Martin,

--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1297961716.28341.10.camel@delen
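As an added illustration of the two points discussed above (a 0700 `Private` folder inside a 0755 home, and the "others can look" disclosure risk), here is an example shell script that is not part of the thread or of any Debian/Ubuntu tooling. It assumes GNU coreutils `stat` (as shipped on Debian); the directory names are constructed sample data.

```sh
#!/bin/sh
# Added example, not from the mailing-list thread. Assumes GNU `stat -c`.

# make_private HOME_DIR
#   Create HOME_DIR/Private and force it to mode 0700 (owner only), so the
#   rest of the home can stay world-readable (0755) while this one subtree
#   is protected from other local users. Idempotent: re-running is harmless.
make_private() {
    mkdir -p "$1/Private" && chmod 0700 "$1/Private"
}

# world_readable_homes BASE
#   Print "<mode> <path>" for each directory directly under BASE whose
#   "other" permission digit includes the read bit (4, 5, 6 or 7): these are
#   the homes where any local user can list and read files, i.e. the
#   accidental-disclosure case from the discussion.
world_readable_homes() {
    for d in "$1"/*/; do
        d=${d%/}
        [ -d "$d" ] || continue
        mode=$(stat -c '%a' "$d")          # e.g. 755, 750, or 2755 with setgid
        other=${mode#"${mode%?}"}          # last octal digit = permissions for "other"
        case $other in
            [4-7]) printf '%s %s\n' "$mode" "$d" ;;
        esac
    done
}

# Demo on a constructed temporary tree: one 0755 home and one 0750 home.
demo() {
    base=$(mktemp -d)
    mkdir -m 0755 "$base/alice"
    mkdir -m 0750 "$base/bob"
    make_private "$base/alice"
    echo "Private folder mode: $(stat -c '%a' "$base/alice/Private")"
    echo "Homes readable by other users:"
    world_readable_homes "$base"           # reports only alice
    rm -rf "$base"
}

[ "${1:-}" = "demo" ] && demo
```

Run it as `sh script.sh demo` to see the audit on the constructed tree; pointing `world_readable_homes` at `/home` lists the real homes that other local users can read.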