On Tue, Jun 13, 2017 at 05:17:54PM +0200, Kamil Cholewiński wrote:
> On Tue, 13 Jun 2017, hiro <23hiro_AT_gmail.com> wrote:
> > [...] android is doing the right thing: it separates processes by
> > running them as separate users. [...]
>
> Every respectable OS/distro packages daemons to run as separate users.
> Every respectable piece of software separates privileges and uses
> sandboxing / hardening techniques, like chroot, pledge, yadda yadda.
You are being unreasonable here: you are presuming that "computer security"
does exist... but it does not.
"Security" is not what matters here. The real matter is a model to partition
the system resources (cpu/gpu/ram/network/file system ops/etc), a model to
allocate them. You have different levels of partition and allocation:
- file system modes.
- sid/uid/gid.
- control groups.
- namespaces.
- etc.
--
Sylvain
Received on Tue Jun 13 2017 - 18:42:34 CEST