From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <006101c14635$1f24c900$8e8b0241@sumt1.nj.home.com> From: "david presotto" To: <9fans@cse.psu.edu> References: <20010926014748.246311998A@mail.cse.psu.edu> Subject: Re: [9fans] Plan 9 versus CORBA? MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Date: Tue, 25 Sep 2001 22:44:00 -0400 Topicbox-Message-UUID: f3faa8c8-eac9-11e9-9e20-41e7f4b1d025 We've reduced none to only have world access to things. We can't make just exec access available because the file server can't really distinguish execution from reading. I take it removing world read access from files isn't good enough for you? We also invented a group called noworld. When anyone in that group tries to access a file, the permission bits are first anded with 0x770 for files and 0x771 for directories. We use this right now to create sandbox'd users. They can't access anything unless they own it or are a member of its group. Somewhere twixt that and what we currently call none is probably the right solution. Of course this takes a lot of forethought. It's really easy to build environments where noworld users can't even set up a namespace. You're right though. This would make the listeners a lot more secure. ----- Original Message ----- From: To: <9fans@cse.psu.edu> Sent: Tuesday, September 25, 2001 9:48 PM Subject: Re: [9fans] Plan 9 versus CORBA? > >In fact, we continually reduce the power of none to make it > >less dangerous. > > I don't know this is possible or not, however, I don't like to open all > the sources and data to the public from network access like now for > none user. Can't we restrict the power of 'none' only to exec permition? > > Kenji > >