Re: [9fans] security

[Skip Tavakkolian <9nut@9netics.com>]

> What if the trojan broke out of that sandbox? Or knows how to
> import other parts of the namespace into its process? Namespaces
> on Plan 9 are nice, but they absolutely do not constitute a safe
> sandbox. Boo easy answers.

i know that you know about RFNOMNT; but sure there could be a kernel
bug or more likely a bug in the sanxbox code.  that would be a flaw,
not a malicious trojan horse put in - presumably by the author of the
sandbox?! - for that purpose.  any scheme has its holes which are
usually exposed by random events.

what's the cost of security and what's the worth of the data?  i have
decided that my data security doesn't have to be the best, just better
than what the smartest cracker can crack.  if, for example, the nsa or
the cia is interested in my data then i have to assume they already
have it.

> Making a parallel between your workplace environment and a network
> security environment is a dangerous thing. Have you ever seen a
> little green blob with one eye stuck to the top of your coworker's
> head, controlling your coworker's thoughts and actions? Get back
> to me when you do :-)

do you really know the mental state of each of your coworkers at all
time?  it doesn't have to be a green blob.  it's called life.  even at
the cia where one would assume they have the means and the need to
monitor every employee, there have been many cases of analysts
becoming spies for foreign powers for a variety of personal reasons.
that's data security too.

if you don't grow all your own food or if you've ever eaten at a
restaurant, you're an implicitly trusting person.

you'll just have to trust us :)