Comment on Is Matrix cooked?
Ghoelian@lemmy.dbzer0.com 1 day agouh, no? on smartphones, yes, but not on computers.
That’s not true. Most operating systems at least have filesystem permissions, and on a lot of Linux distros you additionally get AppArmor or PolKit to further restrict what files a program can read/write.
WhyJiffie@sh.itjust.works 1 day ago
which limits access between files of different users, but does not prevent the zoom app to read your documents, or the cracked game you torrented to read the passwords from your web browser.
on lot of linux distributions where apparmor is active, most processes are unconfined, or at best still have broad access, because the distribution does not ship apparmor profiles for each executable that a user may run.
same with polkit, except that it’s use case is not about defining additional limitations, but about defining what is allowed, to build upon other security systems. so to define whe n to prompt the user permission, whether to ask for a password or just a yes-no question, or whether to just allow something that would otherwise be disallowed if polkit was not in place.
Additionally, on a lot of linux distributions, umask is set by default so that new files are world readable, and so users can read most of each others files.
this is also at least the 3rd instance I ask this week, but are we really assuming that the common internet user is using linux? what is the case with other operating systems, like windows? yeah users can’t read each others profile directory by default, but nothing prevents program A from reading something written by program B when both are running with the privileges of your user account