Comment on Is Matrix cooked?
Ulrich@feddit.org 2 days agohow are programs denied that access? how is it that they can’t do that?
Apps are typically given their own dedicated storage volume, and access to any other part of the filesystem requires permission from the user.
this includes the ability to read the saved passwords from my browser, and to install browser addons without my consent or knowledge.
WTF kind of computers are you using?
WhyJiffie@sh.itjust.works 2 days ago
uh, no? on smartphones, yes, but not on computers.
and even on smartphones. the chat app does have access to your messages, as I originally said
desktop… computers? you probably heard about operating systems, like windows, and linux…
Ghoelian@lemmy.dbzer0.com 2 days ago
That’s not true. Most operating systems at least have filesystem permissions, and on a lot of Linux distros you additionally get AppArmor or PolKit to further restrict what files a program can read/write.
WhyJiffie@sh.itjust.works 1 day ago
which limits access between files of different users, but does not prevent the zoom app to read your documents, or the cracked game you torrented to read the passwords from your web browser.
on lot of linux distributions where apparmor is active, most processes are unconfined, or at best still have broad access, because the distribution does not ship apparmor profiles for each executable that a user may run.
same with polkit, except that it’s use case is not about defining additional limitations, but about defining what is allowed, to build upon other security systems. so to define whe n to prompt the user permission, whether to ask for a password or just a yes-no question, or whether to just allow something that would otherwise be disallowed if polkit was not in place.
Additionally, on a lot of linux distributions, umask is set by default so that new files are world readable, and so users can read most of each others files.
this is also at least the 3rd instance I ask this week, but are we really assuming that the common internet user is using linux? what is the case with other operating systems, like windows? yeah users can’t read each others profile directory by default, but nothing prevents program A from reading something written by program B when both are running with the privileges of your user account
Ulrich@feddit.org 2 days ago
Uh, yes.
What you originally said was gibberish, but I digress. The chat app is open source, so you can evaluate what it’s doing with those messages for yourself.
WhyJiffie@sh.itjust.works 1 day ago
I don’t agree, and additionally when you say I’m wrong I have to pull the reason out of you with pincers.
yeah, evaluate what it does at the time of the audit.
Ulrich@feddit.org 1 day ago
This is gibberish.
You don’t. I’ve given it to you in plain English.
…yes? They’ve also had several third-party professional audits.
WhyJiffie@sh.itjust.works 1 day ago
I don’t agree, and additionally when you say I’m wrong I have to pull the reason out of you with pincers.
yeah, evaluate what it does at the time of the audit.