From mboxrd@z Thu Jan  1 00:00:00 1970
From: Chris McGee <sirnewton_01@yahoo.ca>
Content-Type: multipart/alternative;
	boundary=Apple-Mail-A0016A24-1D6C-4960-8416-7C8216772F5A
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)
Message-Id: <92A3C379-3B7C-4EB6-9225-BCC5531BA585@yahoo.ca>
Date: Mon, 19 Sep 2016 13:25:34 -0400
References: <CAK0pxsFS6MEeQi6QEANkX6FmQXaY76U+5Buybsr2K+yKUrkepQ@mail.gmail.com>
In-Reply-To: <CAK0pxsFS6MEeQi6QEANkX6FmQXaY76U+5Buybsr2K+yKUrkepQ@mail.gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] Questions on the browser as a platform if plan 9 had
	gained marketshare
Topicbox-Message-UUID: 9faf52fe-ead9-11e9-9d60-3106f5b1d025


--Apple-Mail-A0016A24-1D6C-4960-8416-7C8216772F5A
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable


>=20
> > You just mount search engine, route planning tool, or even shopping site=
 and echo commands into the ctl file.=20
>=20
> I hadn't thought of this - was more thinking on the user union mounting, s=
ay, google.com/bin into their bin directory and running a google operation. T=
he concept of just echoing into a ctl file is really interesting from a secu=
rity perspective.

Right, in this case there is no remote code execution. Web users run all kin=
ds of code they are unaware of today. It's a major problem.

It also helps to create a certain uniformity and expectation of how services=
 should work.

Mounting a bin directory from some remote servers is a potential vector for m=
alicious code and requires all services to provide binaries for all platform=
s (arm, x86, riscv,...). Instead, serving the source code and mkfile allows f=
or audit ability (what did I just run?) and support for their own platform. P=
lan 9 compilers were designed not just to produce optimal code but also for s=
peed of compilation.=

--Apple-Mail-A0016A24-1D6C-4960-8416-7C8216772F5A
Content-Type: text/html;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head><meta http-equiv=3D"content-type" content=3D"text/html; charset=3D=
utf-8"></head><body dir=3D"auto"><div><br></div><blockquote type=3D"cite"><d=
iv dir=3D"ltr"><div><br></div><div>&gt;&nbsp;<span style=3D"color:rgb(33,33,=
33);font-family:&quot;helvetica neue&quot;,helvetica,arial,sans-serif;font-s=
ize:13px">You just mount search engine, route planning tool, or even shoppin=
g site and echo commands into the ctl file.</span>&nbsp;</div><div><br></div=
><div>I hadn't thought of this - was more thinking on the user union mountin=
g, say, <a href=3D"http://google.com/bin">google.com/bin</a> into their bin d=
irectory and running a google operation. The concept of just echoing into a c=
tl file is really interesting from a security perspective.</div></div></bloc=
kquote><div><br></div><div>Right, in this case there is no remote code execu=
tion. Web users run all kinds of code they are unaware of today. It's a majo=
r problem.</div><div><br></div><div>It also helps to create a certain unifor=
mity and expectation of how services should work.</div><br><div>Mounting a b=
in directory from some remote servers is a potential vector for malicious co=
de and requires all services to provide binaries for all platforms (arm, x86=
, riscv,...). Instead, serving the source code and mkfile allows for audit a=
bility (what did I just run?) and support for their own platform. Plan 9 com=
pilers were designed not just to produce optimal code but also for speed of c=
ompilation.</div></body></html>=

--Apple-Mail-A0016A24-1D6C-4960-8416-7C8216772F5A--