[ mona / prog / sol ]


When everything isn't just a file.

1 2020-09-10 14:48

The lack of a capability system in POSIX is causing real world damage that affects billions of people. It might be an app on your phone that spies on all your messages, a JavaScript package that sends all your SSH and Bitcoin private keys to a thief, or your browser might be exploited, make itself root by running sudo with your privileges and then install a rootkit. Why can your browser run sudo? Sudo is by design a confused deputy.

Suppose only your SSH client had the operation required to use your SSH keys. Suppose the operation to export those SSH keys was only accessible via your login session when you specifically used your keyboard or mouse to make that export. This would be more secure.

Suppose the file system protected your files against data corruption (e.g. making it impossible to write a bad /etc/fstab)? Sounds pretty good to me.
Post script

Multics enabled a superior paradigm for storage management and backups. Xerox Alto allowed a disk structure to be restored even if all metadata blocks had been damaged. Hydra used a capability system to provide a powerful protection mechanism for data. All of these enabled interesting types of functionality that we are missing in POSIX.

There are many good ideas in historical file systems that have been completely dropped today. I’m building some sort of operating system in Scheme in my Loko Scheme project and would like to explore these ideas there.



do not edit these