From mboxrd@z Thu Jan 1 00:00:00 1970
From: erik quanstrom
Date: Sun, 3 Jul 2011 16:57:43 -0400
To: 9fans@9fans.net
Message-ID: <958e05563c61b440a0b79507677d27c4@ladd.quanstro.net>
In-Reply-To:
References: <201107022036.52943.dexen.devries@gmail.com> <249b2a9106d6258a2484fa9b14ecea0b@ladd.quanstro.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [9fans] novel userspace paradigms introduced by plan 9
Topicbox-Message-UUID: f9890674-ead6-11e9-9d60-3106f5b1d025

> > why do you think that the lack of a super user makes per-process namespaces
> > work?
>
> The fact that you own the hardware you are running on means there's no
> need to provide enhanced priv's (such as root) to protect things like
> mount(2).

that's a property of per-process namespaces, not the lack of a root user.
in this sense plan 9 has a limited root—the hostowner that owns the
devices on a machine and is trusted wrt the authentication protocol.

> And if you do something stupid, the only damage you can do is
> to yourself.  Just look at all the hoops FUSE must jump through to keep
> people from being able to bodge the entire system.

for some reason, the linux guys have convinced themselves that per process
namespaces can't be done without security problems.  i see no reason that
pam couldn't do plan 9 style authentication with a process running on behalf
of root with its own namespace.

they've changed everything else in unix, why hold so tightly to the clearly
unhelpful ideas?

- erik