• 1 Post
  • 106 Comments
Joined 2 years ago
cake
Cake day: July 11th, 2023

help-circle





  • WhyJiffie@sh.itjust.worksOPtoTechnology@lemmy.worldIs Matrix cooked?
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    2 days ago

    App-specific file-acess permissions are on MacOS out of the box as a configurable setting for all applications (in the system settings menu), and I’m pretty sure Windows 10/11 has something similar in its settings menu as well.

    I don’t know about macos, but I doubt that it applies to software that was obtained outside of their app store.

    on windows however, those settings only apply to UWP apps. not .exe and .bat and .msi and .ps programs, but .appx packages that you can install from the Microsoft Store. and installing something from the Microsoft Store does not mean that it’ll be sandboxed, lots of regular .exe programs are also distributed there.

    Also, if we’re being pedantic, this is also a setting on both Android and iOS, with Android displaying the option to change access pretty much every time you pick out a file.

    those are mobile operating systems, they have been designed with this in mind from the beginning. General purpose desktop computers are very different though, for better or worse. and, as I know, desktop computer users are still not a small minority


  • WhyJiffie@sh.itjust.worksOPtoTechnology@lemmy.worldIs Matrix cooked?
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    2 days ago

    Most operating systems at least have filesystem permissions,

    which limits access between files of different users, but does not prevent the zoom app to read your documents, or the cracked game you torrented to read the passwords from your web browser.

    and on a lot of Linux distros you additionally get AppArmor or PolKit to further restrict what files a program can read/write

    on lot of linux distributions where apparmor is active, most processes are unconfined, or at best still have broad access, because the distribution does not ship apparmor profiles for each executable that a user may run.

    same with polkit, except that it’s use case is not about defining additional limitations, but about defining what is allowed, to build upon other security systems. so to define whe n to prompt the user permission, whether to ask for a password or just a yes-no question, or whether to just allow something that would otherwise be disallowed if polkit was not in place.

    Additionally, on a lot of linux distributions, umask is set by default so that new files are world readable, and so users can read most of each others files.

    this is also at least the 3rd instance I ask this week, but are we really assuming that the common internet user is using linux? what is the case with other operating systems, like windows? yeah users can’t read each others profile directory by default, but nothing prevents program A from reading something written by program B when both are running with the privileges of your user account

    so, sorry but to me it seems that

    • on linux it is possible, but in lots of common cases access is not limited
    • on windows it is not possible, without involving probably enterprise level software


  • What you originally said was gibberish, but I digress.

    I don’t agree, and additionally when you say I’m wrong I have to pull the reason out of you with pincers.

    The chat app is open source, so you can evaluate what it’s doing with those messages for yourself.

    yeah, evaluate what it does at the time of the audit.


  • What you originally said was gibberish, but I digress.

    I don’t agree, and additionally when you say I’m wrong I have to pull the reason out of you with pincers.

    The chat app is open source, so you can evaluate what it’s doing with those messages for yourself.

    yeah, evaluate what it does at the time of the audit.


  • WhyJiffie@sh.itjust.worksOPtoTechnology@lemmy.worldIs Matrix cooked?
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    2
    ·
    2 days ago

    Apps are typically given their own dedicated storage volume, and access to any other part of the filesystem requires permission from the user.

    uh, no? on smartphones, yes, but not on computers.

    and even on smartphones. the chat app does have access to your messages, as I originally said

    WTF kind of computers are you using?

    desktop… computers? you probably heard about operating systems, like windows, and linux…


  • WhyJiffie@sh.itjust.worksOPtoTechnology@lemmy.worldIs Matrix cooked?
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    2
    ·
    2 days ago

    on linux. flatpak. now, how mainstream is that setup exactly? are you saying that the issue I brought up does not apply to most of the people on the internet?

    it does not matter what platform I’m on. what matters is what do most people use. in the world where I live, most people use the windows operating system. there is no such protection at all. except when accounting for sandboxie and other obscure programs virtually no one knows about


  • how are programs denied that access? how is it that they can’t do that?

    with the computers that I know, if I download a program, that’ll be able to read, and also modify all the files that I have access to. this includes the ability to read the saved passwords from my browser, and to install browser addons without my consent or knowledge.

    what makes it so that it cannot happen on mainstream desktop computers?