From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
In-Reply-To: <20090417063313.8DBC95B1B@mail.bitblocks.com>
References: <9ab217670904161636p62f77a18ufe0c14ac6245f078@mail.gmail.com> <3535ae9780efe698b30d5c4bf8f5b5b7@quanstro.net> <9ab217670904161825k467a8a4ew31689b207f6ab984@mail.gmail.com> <20090417020731.A822E5B1B@mail.bitblocks.com> <9ab217670904161919na069ecy3fcc06d412307a40@mail.gmail.com> <20090417063313.8DBC95B1B@mail.bitblocks.com>
Date: Fri, 17 Apr 2009 07:59:35 -0400
Message-ID: <9ab217670904170459v69909123hc967cf89dc6c2528@mail.gmail.com>
From: "Devon H. O'Dell"
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [9fans] security questions
Topicbox-Message-UUID: e04ac4b0-ead4-11e9-9d60-3106f5b1d025

2009/4/17 Bakul Shah:
> On Thu, 16 Apr 2009 22:19:21 EDT "Devon H. O'Dell" wrote:
>> 2009/4/16 Bakul Shah:
>> > Why not give each user a virtual plan9? Not like vmware/qemu
>> > but more like FreeBSD's jail(8), "done more elegantly"[TM]!
>> > To deal with potentially malicious users you can virtualize
>> > resources, backed by limited/configurable real resources.
>>
>> I saw a talk about Mult at DCBSDCon. I think it's a much better idea
>> than FreeBSD jail(8), and its security is provable.
>>
>> See also: http://mult.bsd.lv/
>
> But is it elegant?

Rather.

> [Interviewer: What do you think the analog for software is?
>  Arthur Whitney: Poetry.
>  Interviewer: Poetry captures the aesthetics, but not the precision.
>  Arthur Whitney: I don't know, maybe it does.
>  -- ACM Queue Feb/Mar 2009, page 18.
>    http://mags.acm.org/queue/20090203]
>
> Perhaps Plan9's model would be easier (and more fun) to
> extend to accomplish this. One can already have a private
> namespace. How about changing proc(3) to show only your
> login process and its descendents? What if each user can have
> a separate IP stack, separate (virtualized) interfaces and so
> on? But you'd have to implement some sort of limits on
> oversubscribing (ratio of virtual to real resources). Unlike
> securitization in the hedge fund world.