Re: A couple notes on Palm webOS security
On Thu, July 2, 2009 06:06, Steve Witham wrote:
> These are from my ph file of random info, sorry for the format.
> specialized browser.
>>Both Contacts and Calendar will allow applications to add
>>information that will get merged into an integrated view.
>>They don't allow applications to read, delete or update
>>any data that wasn't created by the same application.
> Reading between the lines it sounds like each app may have a
> Linux user id.
Possible, or alternatively a filesystem implementing a view based
access control mechanism. In MinorFs I use a similar mechanism, however
avoiding the per application view, and providing only a per non-persistent
process view and a per pseudo-persistent process view. The reason I
avoided implementing the per application view is that it is equivalent to
how languages like C++ provide the construct of static class level
variables, of what we know that it encourages the use of
(that until recently I mistakingly used to call ambient authority, tnx
Mark/Alan). I have been arguing that providing a mechanism for
constructing undeniable/implicit authority in such a way, is a form of
hiding and dampening the problem of the single global namespace filesystem
access, while the pid and pppid approach, although a bigger leap for
architects and developers, does solve the problem in a structural way. I
argued that providing a mechanism for partially hiding the underlaying
problem may actually be harmful.