[cap-talk] DJB on Least Privilege

[Toby Murray]

On Mon, 2007-11-05 at 18:45 +0000, Stiegler, Marc D wrote:
> how many of the top ten programs you use are less than
> 3 years old, and how many are antiques that just keep getting patched to
> do more stuff more poorly? In my own world, the answer is pretty
> depressing:
> 
>  
> Firefox
> Gmail
> MS Word
> PowerPoint
> Outlook
> Eclipse
> Connectix
> Crimson
> Winzip
> Acrobat Reader
> 
> Of these, the only one even faintly youngish is Gmail. New from-scratch
> software seems not a part of the desktop mix. Indeed, the situation is
> so woeful that I don't even look for new software any more. I am without
> hope of seeing anything better.

Untrue. Ask yourself how quickly the environments evolve on which these
applications run. Also ask yourself how often a new Linux distribution
emerges that captures a significant proportion of the user base.
Finally, consider what the proportion of Internet users whose primary
"applications" are Facebook, MySpace, and various other web apps. It's
also worth considering the number of people who operate on mobile
platforms.

All of these point to significant opportunities. Imagine a Plash or
AppArmor-with-extensions-for-dynamic-permission-grants based Linux
distribution that affords decent POLA. Or an open object-cap base on
which to build web applications (coming soon, I hear), or a POLA-centric
laptop for the emerging world (coming sooner). I refuse to believe the
situation  is so bleak.

Imagine extensions to existing FreeDesktop standards that specify how
application metadata should be provided and extending this to include
information about the application's required authority. Imagine sites
like GnomeFiles.org extended so that package classifications such as
"Audio Player" or "System Tool" map to sane default permission sets from
which the abovementioned standardised metadata can be inferred.

Surely nothing substantial was ever achieved without excess optimism.