From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <4724B007.6090908@gmail.com> Date: Sun, 28 Oct 2007 09:51:35 -0600 From: don bailey User-Agent: Thunderbird 2.0.0.6 (X11/20070816) MIME-Version: 1.0 To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu> Subject: Re: [9fans] security References: <2cc6e509319590eee5371dc0def82e1a@9netics.com> In-Reply-To: <2cc6e509319590eee5371dc0def82e1a@9netics.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Topicbox-Message-UUID: dcd34f70-ead2-11e9-9d60-3106f5b1d025 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > in that case, one should build a sandbox, climb into it and import the > fs. the potential damage is contained. maybe 9fs should have an > option to do that. > What if the trojan broke out of that sandbox? Or knows how to import other parts of the namespace into its process? Namespaces on Plan 9 are nice, but they absolutely do not constitute a safe sandbox. Boo easy answers. > i didn't say implicitly trust everything, but if you decided to be > part of a group, you're implicitly trusting them. it would be as > if you asked every coworker to walk through a metal detector > before they could approach you. if you don't, then you're implicitly > trusting they wont harm you. > Making a parallel between your workplace environment and a network security environment is a dangerous thing. Have you ever seen a little green blob with one eye stuck to the top of your coworker's head, controlling your coworker's thoughts and actions? Get back to me when you do :-) D -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHJLAFyWX0NBMJYAcRAh/yAKCtO43h0CDQNNIgHa61cScvZsyrtQCghkeH YWX7Av8QNVBExdlX5JK8voY= =lkC4 -----END PGP SIGNATURE-----