Language Selection

English French German Italian Portuguese Spanish

Intent Is The Problem

Filed under
OS

Of late, I keep banging into the problem that people want systems to be “secure by default”: they don’t want to pester the user about security. They want the system to just do the right thing. The problem is, this just isn’t possible. One example I like to give is “rm -rf *“. Clearly this command is sometimes a very bad idea, and sometimes exactly what you want to do. If some piece of code I mistakenly trusted runs that command on my behalf, I might be very sad about it. Therefore, any system that wants to be “secure” has to somehow know that when I move to some directory and type rm -rf * I mean it, and when I run a piece of code I’m expecting to (say) edit some text, I don’t mean it, and it should not be allowed to do it.

How can the system discover this? Clearly it must be through some user action. The user must behave differently in some way in the two cases, so that the system can discover his intent. Therefore it is impossible to be “secure” without, in some way, consulting the user about his intent.

Rest Here

More in Tux Machines

Linux 4.9-rc8

So if anybody has been following the git tree, it should come as no surprise that I ended up doing an rc8 after all: things haven't been bad, but it also hasn't been the complete quiet that would have made me go "no point in doing another week". Extra kudos to Arnd, who actually root-caused the incredibly annoying "modversions do not work with new versions of binutils", bisecting it to a particular change to symbol handling in binutils, and then adding a small one-liner patch to the kernel to work around the issue. We already had other workarounds in place, but it's always good to know exactly what in the tool chain changed to cause things like this. Read more Also: Linux Kernel 4.9 Slated for December 11 Release as Linus Torvalds Outs RC8 Linux 4.9-rc8 Kernel Released