Message-ID: <5d375e920710281143m5733e766xce46826611a7adf4@mail.gmail.com>
Date: Sun, 28 Oct 2007 19:43:16 +0100
From: Uriel
To: "Fans of the OS Plan 9 from Bell Labs" <9fans@cse.psu.edu>
Subject: Re: [9fans] security
References: <4724B007.6090908@gmail.com>

On 10/28/07, Skip Tavakkolian <9nut@9netics.com> wrote:
> > What if the trojan broke out of that sandbox? Or knows how to
> > import other parts of the namespace into its process? Namespaces
> > on Plan 9 are nice, but they absolutely do not constitute a safe
> > sandbox. Boo easy answers.
>
> i know that you know about RFNOMNT; but sure there could be a kernel
> bug or more likely a bug in the sandbox code. that would be a flaw,
> not a malicious trojan horse put in - presumably by the author of the
> sandbox?! - for that purpose. any scheme has its holes which are
> usually exposed by random events.
>
> what's the cost of security and what's the worth of the data?

I'm still wondering what is the cost of having path be (/bin .) (other
than running scripts actually becoming much faster when access to . is
slow).

For once I'm with don, just because perfect security is impossible
doesn't mean we should stop trying to get closer to it, especially when
the cost (as far as anyone has been able to tell in this case) is
negligible.

What is next? We get rid of file permissions 'because your coworkers can
already pick the pile of papers lying on your desk so you should trust
them anyway'.

Seeing these kinds of arguments is quite sad, especially given how far
ahead plan9 is from every other system when it comes to *real*
*practical* security.

And I'm an idiot, but this whole discussion has become quite stupid.

uriel
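As an added example, not part of this thread and not code from Plan 9 or rc: the risk being argued over is a command search path that can resolve names from the current directory, so a binary dropped in whatever directory you happen to be in gets run in place of the intended command. The POSIX sh functions below apply that check to a colon-separated PATH: `audit_path` reports every entry that is `.`, empty (which most shells also treat as the current directory), or relative, and `safe_path` produces a copy with only absolute entries. Mapping rc's `path=(/bin .)` list onto PATH syntax is an assumption made for the reader's shell; the sample values are constructed.

```shell
# Added example (not from the 9fans thread): audit a PATH-style search list
# for entries that resolve commands relative to the current directory.
# Assumption: the reader's shell uses a colon-separated PATH, the POSIX
# equivalent of rc's list-valued path.

# audit_path LIST
#   Prints one line per unsafe entry (".", empty, or any relative path) and
#   returns 1 if at least one was found, 0 if every entry is absolute.
audit_path() {
    _list=$1
    _bad=0
    # A leading, trailing or doubled colon is an empty entry, which most
    # shells treat exactly like ".".  Some shells drop a trailing empty
    # field when splitting, so report these before the loop.
    case "$_list" in
        :*|*:|*::*) echo "unsafe: empty entry (means current directory)"; _bad=1 ;;
    esac
    _old_ifs=$IFS
    IFS=:
    for _e in $_list; do
        case "$_e" in
            "") ;;                                   # already reported above
            /*) ;;                                   # absolute: fine
            .)  echo "unsafe: . (current directory)"; _bad=1 ;;
            *)  echo "unsafe: relative entry '$_e'"; _bad=1 ;;
        esac
    done
    IFS=$_old_ifs
    return $_bad
}

# safe_path LIST
#   Prints LIST with every non-absolute entry removed, so only directories
#   whose contents do not depend on the caller's working directory remain.
safe_path() {
    _old_ifs=$IFS
    IFS=:
    _out=""
    for _e in $1; do
        case "$_e" in
            /*) _out="${_out:+$_out:}$_e" ;;
        esac
    done
    IFS=$_old_ifs
    printf '%s\n' "$_out"
}

# Constructed sample values; the first mirrors the (/bin .) list in the thread.
audit_path "/bin:." || echo "search path needs fixing"
audit_path "/bin:/usr/bin" && echo "search path is clean"
safe_path "/bin:.:lib:/usr/bin"
```

Running the block prints the `.` entry as unsafe for the first list, reports the second as clean, and prints `/bin:/usr/bin` for the third. The check is deliberately strict: a relative entry such as `lib` is flagged along with `.`, because it is resolved against the working directory in exactly the same way.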