From: "david presotto" <presotto@plan9.bell-labs.com>
To: <9fans@cse.psu.edu>
Subject: Re: [9fans] Plan 9 versus CORBA?
Date: Tue, 25 Sep 2001 22:44:00 -0400 [thread overview]
Message-ID: <006101c14635$1f24c900$8e8b0241@sumt1.nj.home.com> (raw)
In-Reply-To: <20010926014748.246311998A@mail.cse.psu.edu>
We've reduced none to only have world access to things. We
can't make just exec access available because the file server can't
really distinguish execution from reading.
I take it removing world read access from files isn't good enough
for you? We also invented a group called noworld. When anyone
in that group tries to access a file, the permission bits are first anded
with 0x770 for files and 0x771 for directories. We use this right now
to create sandbox'd users. They can't access anything unless they own
it or are a member of its group. Somewhere twixt that and what
we currently call none is probably the right solution.
Of course this takes a lot of forethought. It's really easy to build
environments where noworld users can't even set up a namespace.
You're right though. This would make the listeners a lot more
secure.
----- Original Message -----
From: <okamoto@granite.cias.osakafu-u.ac.jp>
To: <9fans@cse.psu.edu>
Sent: Tuesday, September 25, 2001 9:48 PM
Subject: Re: [9fans] Plan 9 versus CORBA?
> >In fact, we continually reduce the power of none to make it
> >less dangerous.
>
> I don't know this is possible or not, however, I don't like to open all
> the sources and data to the public from network access like now for
> none user. Can't we restrict the power of 'none' only to exec permition?
>
> Kenji
>
>
next prev parent reply other threads:[~2001-09-26 2:44 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-09-26 1:48 okamoto
2001-09-26 2:44 ` david presotto [this message]
-- strict thread matches above, loose matches on Subject: below --
2001-09-26 13:24 jmk
2001-09-26 13:33 ` Boyd Roberts
2001-09-26 6:12 okamoto
2001-09-26 6:07 okamoto
2001-09-26 9:48 ` Boyd Roberts
2001-09-26 5:41 geoff
2001-09-26 9:47 ` Boyd Roberts
2001-09-26 3:18 okamoto
2001-09-26 3:13 okamoto
2001-09-26 4:44 ` Christopher Nielsen
2001-09-26 4:50 ` David Arnold
2001-09-26 9:01 ` Boyd Roberts
2001-09-26 1:34 presotto
2001-09-26 1:26 okamoto
2001-09-25 14:29 forsyth
2001-09-25 14:19 rob pike
2001-09-26 15:44 ` Dan Cross
2001-09-25 13:42 presotto
2001-09-25 2:07 presotto
2001-09-24 22:46 rob pike
2001-09-25 8:36 ` Andrew Simmons
2001-09-24 9:17 Fco.J.Ballesteros
2001-09-21 16:11 Fco.J.Ballesteros
2001-09-21 15:29 anothy
2001-09-21 16:03 ` Dan Cross
2001-09-21 14:54 Fco.J.Ballesteros
2001-09-21 13:37 ` Lucio De Re
2001-09-21 14:29 Sape Mullender
2001-09-21 14:26 jmk
2001-09-21 16:25 ` suspect
2001-09-21 14:04 Andrew Simmons
2001-09-21 14:25 ` andrey mirtchovski
2001-09-21 14:29 ` Ronald G Minnich
2001-09-21 15:16 ` Scott Schwartz
2001-09-21 14:28 ` Ronald G Minnich
2001-09-24 8:51 ` Andrew Simmons
2001-09-24 16:25 ` Boyd Roberts
2001-09-24 22:43 ` George Michaelson
2001-09-24 22:54 ` Boyd Roberts
2001-09-25 0:37 ` George Michaelson
2001-09-25 0:39 ` Boyd Roberts
2001-09-25 0:55 ` George Michaelson
2001-09-25 1:00 ` Boyd Roberts
2001-09-25 0:42 ` Boyd Roberts
2001-09-25 0:56 ` George Michaelson
2001-09-25 1:00 ` Boyd Roberts
2001-09-25 1:23 ` Scott Schwartz
2001-09-25 2:27 ` Dan Cross
2001-09-25 2:31 ` Boyd Roberts
2001-09-25 2:12 ` Dan Cross
2001-09-25 2:32 ` William Josephson
2001-10-01 9:51 ` Mike Warner
2001-09-21 14:33 ` Alexander Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='006101c14635$1f24c900$8e8b0241@sumt1.nj.home.com' \
--to=presotto@plan9.bell-labs.com \
--cc=9fans@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).