
The root cause of many of our woes is ambient authority. This is the metaphorical equivalent of building an electrical grid without fuses or circuit breakers.

You have to trust everything, and any breach of trust breaks it all. This approach is insane, and yet, widely accepted as the way things were always done, and will always be done.

If you ever get the chance to use capability-based security, otherwise known as the principle of least privilege, or multilevel security, do so.

Know that permission flags in Android, or the UAC crap in Windows, or AppArmor are NOT capability-based security.
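The contrast the comment draws, as an added example that is not part of the comment itself: a helper that takes a path name runs with everything the process can reach, while a helper that is handed a read-only file descriptor gets exactly one file and one right, enforced by the kernel. The function names and the sample files are assumptions made for illustration; nothing here removes the helper's ability to call `open()` on its own, which would need a sandbox around the process.

```python
import os
import tempfile

def count_lines_ambient(path):
    """Ambient authority: the path is only a name. The open() succeeds with
    whatever rights the whole process holds, for this path or any other."""
    with open(path, "rb") as f:
        return sum(1 for _ in f)

def count_lines_cap(fd):
    """Capability style: the caller passes an already-open descriptor, which
    both designates the file and carries the rights granted (read-only)."""
    os.lseek(fd, 0, os.SEEK_SET)
    with os.fdopen(os.dup(fd), "rb") as f:  # dup so the caller's fd stays open
        return sum(1 for _ in f)

def try_write(fd, data=b"tampered\n"):
    """Return True if a write through fd succeeds, False if the kernel refuses."""
    try:
        os.write(fd, data)
        return True
    except OSError:
        return False

def demo():
    workdir = tempfile.mkdtemp()
    report = os.path.join(workdir, "report.txt")  # constructed sample input
    secret = os.path.join(workdir, "secret.txt")  # unrelated file, constructed
    with open(report, "w") as f:
        f.write("a\nb\nc\n")
    with open(secret, "w") as f:
        f.write("key\n")

    fd = os.open(report, os.O_RDONLY)  # the caller decides the rights handed over
    try:
        result = {
            "ambient_lines": count_lines_ambient(report),
            "cap_lines": count_lines_cap(fd),
            # Same helper, different string: it reaches the unrelated file too.
            "ambient_reaches_secret": count_lines_ambient(secret) == 1,
            # The descriptor was opened read-only, so the write is refused.
            "cap_can_write": try_write(fd),
        }
    finally:
        os.close(fd)
    with open(report) as f:
        result["report_unchanged"] = f.read() == "a\nb\nc\n"
    return result
```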


