Re: which do you think is better user experience?
Posted: Sun Feb 26, 2017 2:01 pm
Hi,
You are still making potentially false assumptions by equating "ownership of the data" with "ownership of something that is not the data" (the computer, the storage device, the OS instance, ...).
That doesn't seem hypocritical to you?
Cheers,
Brendan
This is why the OS has to assume either "no access because permission was not granted" or "full access even though permissions was not granted".Gigasoft wrote:My OS can't possibly know what the "users" on another system are supposed to represent. The very concepts of "users" and "access control" only makes sense within a particular environment. A specific user ID may represent a person, which may be me, or another person. Who knows? Or it could represent a particular service, such as a web server, which is managed by whoever is tasked with maintaining the web server.If your OS assumes it has access without explicit permission despite clear proof that access was intended to be restricted, then your OS is a tool intended for malicious purposes (bypassing the security of other OSs).
No. All the OS knows is that it can access a hard drive. I doesn't know if anything about possession (and if it did, possession doesn't imply ownership or authority anyway).Gigasoft wrote:All my OS knows is that I possess a hard drive, which means I am most likely the owner/administrator of whatever that hard drive belongs to.
That's a separate problem caused by an OS sucking in a different way (allowing files to be copied to removable media without permissions being discarded). Note that for secure systems, shifting/copying a restricted file to a untrusted device (USB flash) would be prohibited by the OS (e.g. the "*-property" of the Bell–LaPadula model).Gigasoft wrote:For an USB stick or CD it gets especially silly, since no one in the world would ever think of using permission bits to protect data from other people on such media. They create files with default permissions and may not remember to change them.
You mean Microsoft or Amazon (or some other cloud service provider)?Gigasoft wrote:Fine, then replace "computer owner" with whoever owns the operating system instance.Legally; the owner of the data is the one to decides who will have access to their data. If a company leases computers and pays an employee to create the data, then the owner of the data (and therefore the only entity legally able to decide who will have access) is the company. The computer owner is not the owner of the data; and neither is the employee that was paid to create it nor any root/administrator (these people merely have the ability to act on behalf of the data's owner).
You are still making potentially false assumptions by equating "ownership of the data" with "ownership of something that is not the data" (the computer, the storage device, the OS instance, ...).
Nonsense. Every modern OS distrusts the legality of its user's actions. It's why file systems have permissions in the first place.Gigasoft wrote:Or an operating system. Like the cab driver, it is not the job of an operating system to distrust the legality of its user's actions.In this analogy the cab driver is like a USB flash stick or network cable. They are not responsible for your actions. You are responsible for complying with the policy of the road owner.
So it's fine to assume you have access without explicit permission when another system has obviously attempted to restrict access (via. file system permissions) and it's also not fine to assume you have access without explicit permission when another system has obviously attempted to restrict access (via. encryption).Gigasoft wrote:No, because now you are talking about implementing a whole new feature. I assume that you are talking about having a function to break the encryption without having the key. Of course no one expects an operating system to have this as a built in feature.Let's try the opposite. If you were able to write code that allows your OS to decrypt file systems that were encrypted by Windows or Linux (in addition to being able to bypass file system permissions that were created by Windows or Linux); would you insist that your OS should bypass encryption created by other OSs (in the same way that you are insisting that your OS should bypass permissions created by other OSs)?
That doesn't seem hypocritical to you?
At least you agree with one of the things I originally said (that it's impractical for one OS to understand a different OS's permissions).Gigasoft wrote:On the other hand, I regard any attempt at interpreting permissions created by another OS and somehow translating them to permissions for local users without being told how, as a silly bug.
Cheers,
Brendan