RVuRnvbM2e | 3 months ago

This is analogous to calling unix account separation "fragmentation". Why can't I just run all my services as root? It has worked for years!?

The answer is that it is a fragile, unmaintainable security nightmare.

Wayland has separation of concerns to fix that problem, with the tradeoffs described in the blog post.

yjftsjthsd-h | 3 months ago

No, this is analogous to forcing everything into separate accounts in the name of "security" and then failing to implement any way to pass data between them. It would be fine to have optional protocols on top of the core Wayland protocol, and it would be fine to require a single permission prompt, but only if they actually get implemented and there's actually a way to persistently give permission. Otherwise you've just reduced the functionality of the system.

lmm | 3 months ago

And yet unix account separation really did turn out to be overcomplicated and useless. Hosting providers were never able to separate untrusted users by user account, they either use VMs or containers or give up on offering shell access at all, and on home machines the whole effort falls prey to https://xkcd.com/1200/.