From: "Enrico Weigelt, metux IT consult" <enrico.weigelt@gr13.net>
To: 9fans@9fans.net
Subject: Re: [9fans] Factotum vs SASL
Date: Tue, 2 Dec 2014 23:15:54 +0100 [thread overview]
Message-ID: <547E3A1A.7000902@gr13.net> (raw)
In-Reply-To: <8859357829938d06bd512e70b6e23590@hamnavoe.com>
On 02.12.2014 10:50, Richard Miller wrote:
> For this sort of functionality the computer needs to be running as
> a plan 9 cpu server, not a terminal in which by definition hostowner
> controls everything.
>
> Somewhere in /contrib there is a patch which makes a few changes to
> the cpu kernel to allow a login on the console by a user different
> from hostowner, who then becomes termowner with permissions over
> some but not all of the local hardware (eg keyboard and mouse but
> not disk). It's not hard to do.
Okay, that seems to go in the direction, I'm looking for.
To get the traditional unix behaviour, we'd also need some virtual
terminal multiplexer (which allows switching between VTs with
different sessions), supporting multiple framebuffers/GPUs,
keyboards, etc (eg. multiseat environments) - just giving the
logged-in users only these virtual devices. Shouldn't be that
hard to implement.
Anyways, for now I'm not so much focused on doing that on real
Plan9 system, instead using its concepts/tools (9P, factotum, ...)
on a GNU/Linux system.
> But it's only pretend security if the user has physical access
> to the machine.
Of course, you could still replace the disks, etc .. but that's
an entirely different area.
> The "plan 9 way" is to keep the cpu server in a locked box and
> get another computer to be a terminal. A raspberry pi doesn't
> cost much.
Well, not very suited for mobile purposes (notebook, etc) :P
cu
--
Enrico Weigelt,
metux IT consulting
+49-151-27565287
next prev parent reply other threads:[~2014-12-02 22:15 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-17 5:03 Enrico Weigelt, metux IT consult
2014-11-17 5:57 ` Lyndon Nerenberg
2014-11-17 6:29 ` lucio
2014-11-17 13:58 ` erik quanstrom
2014-11-17 14:14 ` lucio
2014-11-18 8:22 ` Skip Tavakkolian
2014-11-29 19:46 ` Enrico Weigelt, metux IT consult
2014-11-29 19:46 ` erik quanstrom
2014-11-29 21:20 ` Enrico Weigelt, metux IT consult
2014-11-29 21:23 ` erik quanstrom
2014-12-01 6:28 ` Enrico Weigelt, metux IT consult
2014-12-01 7:00 ` lucio
2014-12-01 10:38 ` tlaronde
2014-12-01 10:45 ` lucio
2014-12-02 4:00 ` Enrico Weigelt, metux IT consult
2014-12-02 4:08 ` erik quanstrom
2014-12-02 15:40 ` plannine
2014-12-02 16:33 ` Wes Kussmaul
2014-12-02 20:32 ` Skip Tavakkolian
2014-12-02 22:20 ` Enrico Weigelt, metux IT consult
2014-12-02 9:50 ` Richard Miller
2014-12-02 22:15 ` Enrico Weigelt, metux IT consult [this message]
2014-12-01 12:14 ` Stuart Morrow
2014-12-02 20:32 ` Skip Tavakkolian
2015-01-01 14:55 ` Teodoro Santoni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=547E3A1A.7000902@gr13.net \
--to=enrico.weigelt@gr13.net \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).