On Tue, Jun 13, 2017 at 05:17:54PM +0200, Kamil Cholewiński wrote:
> On Tue, 13 Jun 2017, hiro <23h...@gmail.com> wrote:
> > [...] android is doing the right thing: it separates processes by
> > running them as separate users. [...]
>
> Every respectable OS/distro packages daemons to run as separate users.
> Every respectable piece of software separates privileges and uses
> sandboxing / hardening techniques, like chroot, pledge, yadda yadda.

You are being unreasonable here: you are presuming that "computer
security" does exist... but it does not.

"Security" is not what matters here. The real matter is a model to
partition the system resources (cpu/gpu/ram/network/file system
ops/etc), a model to allocate them.

You have different levels of partition and allocation:
- file system modes.
- sid/uid/gid.
- control groups.
- namespaces.
- etc.

--
Sylvain