I have a question. Have you ever used OS file permissions?
I have not. Ever.
I have been programming for 30 years. I have developed many sensitive and secure applications, including large financial transaction systems, online bill payment systems, internet financial services, and now medical imaging applications. I have never used OS file permissions. Ever. Furthermore, I am confident that I will never use them.
Every OS should have a checkbox at the admin/root level that says “I don’t want to use file permissions”. That single thing would save
Any application that actually needs file permissions probably can’t rely on the OS, anyway, because it is too hard to get them right. Only simple things work for security, and file permissions are not simple. I know of an application that stores all its data in ZIP files just because that way the password mechanism can be used to protect the data. That’s pretty weird but it works, because it is simple. Most “real” applications store data in a database, and the database provides the protection. That can be complicated but not that complicated, so it also works. File permissions at the OS level just don’t work.
So the moral of this story is that if you ever design an operating system, don’t have file permissions. Thanks for listening.