From mboxrd@z Thu Jan 1 00:00:00 1970
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
In-reply-to: Your message of "Thu, 16 Apr 2009 22:19:21 EDT." <9ab217670904161919na069ecy3fcc06d412307a40@mail.gmail.com>
References: <9ab217670904161636p62f77a18ufe0c14ac6245f078@mail.gmail.com>
 <3535ae9780efe698b30d5c4bf8f5b5b7@quanstro.net>
 <9ab217670904161825k467a8a4ew31689b207f6ab984@mail.gmail.com>
 <20090417020731.A822E5B1B@mail.bitblocks.com>
 <9ab217670904161919na069ecy3fcc06d412307a40@mail.gmail.com>
From: Bakul Shah
Date: Thu, 16 Apr 2009 23:33:13 -0700
Message-Id: <20090417063313.8DBC95B1B@mail.bitblocks.com>
Subject: Re: [9fans] security questions
Topicbox-Message-UUID: dfd7661e-ead4-11e9-9d60-3106f5b1d025

On Thu, 16 Apr 2009 22:19:21 EDT "Devon H. O'Dell" wrote:
> 2009/4/16 Bakul Shah:
> > Why not give each user a virtual plan9? Not like vmware/qemu
> > but more like FreeBSD's jail(8), "done more elegantly"[TM]!
> > To deal with potentially malicious users you can virtualize
> > resources, backed by limited/configurable real resources.
>
> I saw a talk about Mult at DCBSDCon. I think it's a much better idea
> than FreeBSD jail(8), and its security is provable.
>
> See also: http://mult.bsd.lv/

But is it elegant?

[Interviewer: What do you think the analog for software is?
 Arthur Whitney: Poetry.
 Interviewer: Poetry captures the aesthetics, but not the precision.
 Arthur Whitney: I don't know, maybe it does.
 -- ACM Queue Feb/Mar 2009, page 18.
 http://mags.acm.org/queue/20090203]

Perhaps Plan9's model would be easier (and more fun) to extend
to accomplish this. One can already have a private namespace.
How about changing proc(3) to show only your login process
and its descendants? What if each user can have a separate
IP stack, separate (virtualized) interfaces and so on?
But you'd have to implement some sort of limits on
oversubscribing (ratio of virtual to real resources). Unlike
securitization in the hedge fund world.