From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Fri, 17 Apr 2009 06:06:04 +0100
From: Eris Discordia
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Message-ID: <2974A394FBCE758123DAA30F@[192.168.1.2]>
In-Reply-To: <20090417020731.A822E5B1B@mail.bitblocks.com>
References: <9ab217670904161636p62f77a18ufe0c14ac6245f078@mail.gmail.com>
 <3535ae9780efe698b30d5c4bf8f5b5b7@quanstro.net>
 <9ab217670904161825k467a8a4ew31689b207f6ab984@mail.gmail.com>
 <20090417020731.A822E5B1B@mail.bitblocks.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Subject: Re: [9fans] security questions
Topicbox-Message-UUID: dfc8a34a-ead4-11e9-9d60-3106f5b1d025

> The other thought that comes to mind is to consider something
> like class based queuing (from the networking world). That
> is, allow choice of different allocation/scheduling/resource
> use policies and allow further subdivision.

As with jail, this is also present in FreeBSD, I believe. It's called
'login classes.' Although it's probably not as flexible as you'd want it to
be.

--On Thursday, April 16, 2009 7:07 PM -0700 Bakul Shah wrote:

> On Thu, 16 Apr 2009 21:25:06 EDT "Devon H. O'Dell"
> wrote:
>> That said, I don't disagree. Perhaps Plan 9's environment hasn't been
>> assumed to contain malicious users. Which brings up the question: Can
>> Plan 9 be safely run in a potentially malicious environment? Based on
>> this argument, no, it cannot. Since I want to run Plan 9 in this sort
>> of environment (and thus move away from that assumption), I want to
>> address these problems, and I kind of feel like it's weird to be
>> essentially told, ``Don't do that.''
>
> Why not give each user a virtual plan9? Not like vmware/qemu
> but more like FreeBSD's jail(8), "done more elegantly"[TM]!
> To deal with potentially malicious users you can virtualize
> resources, backed by limited/configurable real resources.
>
> The other thought that comes to mind is to consider something
> like class based queuing (from the networking world). That
> is, allow choice of different allocation/scheduling/resource
> use policies and allow further subdivision. Then you can give
> preferential treatment to known good guys. Other users can
> still experiment to their heart's content within the
> resources allowed them.
>
> My point being think of a consistent high level model that
> you like and then worry about implementation details.
>