(Open to discussion) Permission system
A good security system has both a program sandbox and a filesystem sandbox; this issue covers the program sandbox implementation.
The permission configuration will require the user or admin password (like any OS), but without `sudo`, because it is prone to abuse (unsafe).
## Schemes
Each kernel subsystem or user-space daemon implements schemes for communication; programs will use these schemes to work with different areas of the system.
## Security models
- Pre-configured permissions: the Redox developers will decide which permissions (schemes) a program package will have by default.
- Manual permissions: the user will give permissions to the program.
## Terminal
Most terminals use `sudo` for privileged tasks; it is prone to abuse and will not be used.
## GUI
If Orbital is available, a permission window will pop up (like on Windows and Android) for some programs.
## Implementations
- Group-based: the program's user will need to be a member of some resource group (`audio` and `video`, for example); these groups map to schemes.
- Configuration-based: a global TOML file will decide which schemes the programs can use (it needs to be read-only to avoid abuses).