zlacker

1. ashish+(OP)[view] [source] 2026-02-03 23:48:45
It also has persistent permissions.

Think about it from a real world perspective.

I knock on your door. You invite me to sit with you in your living room. I can't easily sneak into your bedroom. Further, your temporary access ends as soon as you exit my house.

The same should happen with apps.

When I run 'notepad dir1/file1.txt', the package should not sneakily be able to access dir2. Further, as soon as I exit the process, the permission to access dir1 should end as well.

replies(3): >>lifeis+J6 >>uzerfc+UD >>araes+i17
2. lifeis+J6[view] [source] 2026-02-04 00:28:13
>>ashish+(OP)
A better example would be requiring the mailman to obtain written permission to step on your property every day. Convenience trumps maximal security for most people.
replies(2): >>ashish+Ua >>BobbyT+5y
◧◩
3. ashish+Ua[view] [source] [discussion] 2026-02-04 00:53:40
>>lifeis+J6
I would configure mailman with permanent write access to the mailbox area.

That's what I do with my sandbox right now.

replies(1): >>bombol+tb1
◧◩
4. BobbyT+5y[view] [source] [discussion] 2026-02-04 03:57:02
>>lifeis+J6
The early version of UAC in Windows did that…

Asking continuously is worse than not asking at all…

replies(1): >>expedi+lI
5. uzerfc+UD[view] [source] 2026-02-04 04:58:02
>>ashish+(OP)
> When I run 'notepad dir1/file1.txt', the package should not sneakily be able to access dir2.

What happens if the user presses ^O, expecting a file open dialog that could navigate to other directories? Would the dialog be somehow integrated to the OS and run with higher permissions, and then notepad is given permissions to the other directory that the user selects?

replies(1): >>what+hH
◧◩
6. what+hH[view] [source] [discussion] 2026-02-04 05:32:04
>>uzerfc+UD
Pretty sure that’s how it works on iOS. The app can only access its own sandboxed directory. If it wants anything else, it has to use a system-provided file picker that provides a security-scoped URL for the selected file.
replies(2): >>signal+231 >>int_19+j91
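
The trusted-picker pattern discussed in this sub-thread, as an added Unix analogue that is not part of the original thread and is not iOS code: a broker opens the file the user chose and passes only that open descriptor to the app, so the grant covers one file, is read-only, and ends when the process exits. `broker_grant`, `APP` and `demo` are hypothetical names, the directory layout is constructed, and the sketch assumes the OS sandbox has already removed the app's ambient filesystem access (it does not confine the child itself).

```python
import os, socket, subprocess, sys, tempfile

# Constructed "app". It is never given a path: it receives one open
# descriptor over an inherited socket, reads it, then tries to write to it.
APP = r"""
import os, socket, sys
chan = socket.socket(fileno=int(sys.argv[1]))
_, fds, _, _ = socket.recv_fds(chan, 16, 1)
data = os.read(fds[0], 4096).decode()
try:
    os.write(fds[0], b"tamper")
    wrote = "yes"
except OSError:          # descriptor was opened read-only by the broker
    wrote = "no"
sys.stdout.write(wrote + ":" + data)
"""

def broker_grant(path):
    """Trusted picker side: open the file the user chose, read-only, and
    pass only that descriptor to the app. Returns the app's output."""
    ours, theirs = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    fd = os.open(path, os.O_RDONLY)
    try:
        app = subprocess.Popen(
            [sys.executable, "-c", APP, str(theirs.fileno())],
            pass_fds=[theirs.fileno()], stdout=subprocess.PIPE, text=True)
        theirs.close()
        socket.send_fds(ours, [b"f"], [fd])   # SCM_RIGHTS under the hood
        out, _ = app.communicate(timeout=10)
    finally:
        os.close(fd)
        ours.close()
    return out

def demo():
    # Constructed layout mirroring the thread: dir1/file1.txt next to dir2.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "dir1"))
        os.makedirs(os.path.join(root, "dir2"))
        picked = os.path.join(root, "dir1", "file1.txt")
        with open(picked, "w") as f:
            f.write("note in dir1")
        return broker_grant(picked)

if __name__ == "__main__":
    print(demo())
```

Requires Python 3.9+ on a Unix-like system for `socket.send_fds` / `socket.recv_fds`.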
◧◩◪
7. expedi+lI[view] [source] [discussion] 2026-02-04 05:44:25
>>BobbyT+5y
Some of the stuff that I install is actually meant to behave like malware.

But fine, lock Windows down for normal users as long as I can still disable all the security. We don't need another Apple.

◧◩◪
8. signal+231[view] [source] [discussion] 2026-02-04 08:42:17
>>what+hH
Yes, UIDocumentPickerViewController is 10+ years old at this point.

There’s also a similar photos picker (PHPicker) which is especially good from 2023 on. Signal uses this for instance.

◧◩◪
9. int_19+j91[view] [source] [discussion] 2026-02-04 09:31:15
>>what+hH
It's also how it works on macOS and even on modern Windows if you are running sandboxed apps.
◧◩◪
10. bombol+tb1[view] [source] [discussion] 2026-02-04 09:46:17
>>ashish+Ua
With systemd or firejail it's quite easy to do this sort of thing on Linux.
11. araes+i17[view] [source] 2026-02-05 22:15:49
>>ashish+(OP)
Attempt at real life version (starts with idea they are actually not trustworthy)

  - You invite someone to sit in your living room
    - There must have been a reason to begin with (or why invite them at all)
    - Implied (at least limited) trust of whoever was invited
  - Access enabled and information gained heavily depends on house design
    - May have to walk past many rooms to finally reach the living room
    - Significant chances to look at everything in your house
    - Already allows skilled appraiser to evaluate your theft worthiness
  - Many techniques may allow further access to your house
    - Similar to digital version (leave something behind)
      - Small digital object accessing home network
      - "Sorry, I left something, mind if I search around?"
    - Longer con (advance to next stage of "friendship" / "relationship", implied trust)
      - "We should hang out again / have a cards night / go drinking together / etc..."
      - Flattery "Such a beautiful house, I like / am a fan of <madlibs>, could you show it to me?"
  - Already provides a survey of your home security
    - Do you lock your doors / windows?
    - What kind / brand / style do you have?
    - Do you tend to just leave stuff open?
    - Do you have onsite cameras or other features?
    - Do you easily just let anybody into your house who asks?
    - General cleanliness and attention to security issues

  - In the case of Notepad++, they would also be offering you a free product
    - Significant utility vs alternatives
    - Free
    - Highly recommended by many other "neighbors"
  - In the case of Notepad++, they themselves are not actively malicious (or at least not known to be)
    - Single developer
    - Apparently frazzled and overworked by the experience
    - Makes updates they can, yet also supports a free product for millions.
    - It doesn't really work with the friend you invite in scenario (more like they sneezed in your living room or something)