DEV Community 👩‍💻👨‍💻

Discussion on: If you've tried Linux and opted against using it, tell us why for the chance to be featured on our podcast!

 
moopet profile image
Ben Sinclair

On a Mac and a Debian box right now, and I can read other people's home directories but not write to them on both systems. I'm not sure what the difference is. If you're saying that some random GUI app that's a trojan has a better chance of writing to someone else's home directory on one system, then ok - I mean I don't really know how that would work, but I'll assume you're right for the sake of this thread.

What you were saying before about the difference in prompts somehow making one more secure than the other doesn't make sense to me though, and it looks like you're moving the goalposts a little.

Different systems will share some vulnerabilities and also have their own separate ones. MacOS is pitched as mostly being for single-user systems where you need physical access to do a lot of damage, where Linux is more likely to be multi-user from the get-go. Both approaches make compromises. There are root escalation vulnerabilities on both we haven't even heard of yet, I'm sure - but it's not as easy as "this script gets you root on Linux, MacOS is secure".

Thread Thread
 
gargakshit profile image
Akshit Garg

I might be wrong, but I meant writing to the logged in user's home directory. With a normally configured Linux box, applications could write to the same user's home directory without asking for explicit permissions, while with MacOS, this is not the case. MacOS asks for "Documents" permission before allowing an application to write in the home directory making the attack surface much less. I guess you could do some hardening to mitigate this

Thread Thread
 
moopet profile image
Ben Sinclair

Maybe. I don't remember seeing that, but if it's the case, then if this is something bundled with a GUI app, people are probably just going to click "sure, ok" and if it's a CLI app, I doubt they'd get that prompt.