9fans - fans of the OS Plan 9 from Bell Labs
From: "J.R. Mauro" <jrm8005@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] v9fs question
Date: Mon, 13 Jul 2009 18:18:38 -0400
Message-ID: <3aaafc130907131518y74523ef8rf9ddb92fb3d3d105@mail.gmail.com>
In-Reply-To: <a4e6962a0907131505g63dbe3edl72261c03a1601ddd@mail.gmail.com>

On Mon, Jul 13, 2009 at 6:05 PM, Eric Van Hensbergen<ericvh@gmail.com> wrote:
> On Mon, Jul 13, 2009 at 4:45 PM, hiro<23hiro@googlemail.com> wrote:
>> When I need remote access I nowadays use v9fs+ssh.
>> Multi-user auth in kernel like you propose sounds nice and consistent,
>> but too complicated. It doesn't fit linux, and thus an additional
>> daemon would mean one more place of security relevant code prone to
>> bugs.
>>
>
> While I agree with that being the state of things today, it doesn't mean
> we shouldn't push for better.  Maybe the Glendix folks will make things
> consistent (and bug free).

We hope to. One of the reasons it would actually be unwise to let
anyone mount anything now is that no one uses per-process namespaces.
That's probably fine on your desktop, but not on a server where 20
people try to mount something under /mnt/foo or whatnot.

On the security side, I helped get the plan9-style authentication
device in the mainline kernel. It's in staging. I guess the PAM module
is 90% done, but they need some help if anyone is interested.

>
>>
>> From a security (and perhaps simplicity) point of view userspace
>> authentication sounds more reasonable to me, p9p together with
>> something like fuse (even together with the new userspace hackery) or
>> perhaps a single-user v9fs combined with inferno for doing the
>> auth/crypt work seems a lot more reasonable to me than additional
>> clever hackery from the plan9 side. Not sure if somebody has something
>> like this working already...
>>
>
> I have a variant using Inferno right now, mounting the file system directly
> from the stdin/stdout of the emu.  Combined with private namespaces it
> provides a seemingly secure mechanism for accessing remote resources
> as well as providing local resources to remote cpu services.
>
>       -eric
>
>


