On Tue, 18 Nov 2003, Timo Sirainen wrote: > For a while now I've been thinking about how to make computers actually > work the way people expect them to - mostly related to security. > ... > So, how about changing the operating system to allow or even encourage > such behaviour? "Sure, just run anything, it's safe. If it's a virus, > operating system clearly warns about it." Yes, this is called a "sandbox". This is what Java delivered for applets. Linux can also deliver this for native code by creating a "sandbox" user that does not have direct access to either the system or user files. For programs that display eye candy or run a stand alone application, a work directory with quota is all we need. If it is desired to give untrusted programs limited access to user files, there can be an agent process which runs SUID to the user, and provides restricted access to user files. A standard API with library provides access to the user agent. -- Stuart D. Gathman <stuart@xxxxxxxx> Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154 "[Microsoft] products are even less buggy than others, in terms of per capita usage." - Steve Balmer, Microsoft Corporation _______________________________________________ gnome-list mailing list gnome-list@xxxxxxxxx http://mail.gnome.org/mailman/listinfo/gnome-list