From: Charles Forsyth
Date: Sun, 28 Oct 2007 20:53:48 +0000
To: 9fans@cse.psu.edu
Subject: Re: [9fans] security
In-Reply-To: <4723B9AD.8090308@gmail.com>

> I'd say that's enough of a problem. Even Plan 9's well
> designed authentication domains don't properly mitigate
> the issue of the local account being compromised.

in practice, no, not the way they are used. most processes start with most possible things in their name spaces, whereas if we were really worried we'd arrange that the other way round, so that most things had just what they needed and no more. that much could be done by constructing name spaces, but it still wouldn't cover various classes of resource exhaustion. also, given that we don't use the system that way that often, we might not build the environments correctly the first few times. still, there's much less to check than with some other approaches. i wonder how you'd prove its properties.
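The inversion Forsyth describes, a process started with a name space built from scratch rather than a copy of its parent's, as an added example in rc (it is not part of the thread, and it is not Plan 9's own /lib/namespace). It assumes a Plan 9 system where the root file server is posted at #s/boot, that $rootspec and $cputype are set in the environment as boot leaves them, and that auth/newns accepts a namespace(6) file via -n; the /usr/glenda/work directory and the command being confined are placeholders.

```rc
#!/bin/rc
# Added example (not from the 9fans thread): run a command in a name space
# built from nothing, so it holds just what the command needs and no more.
# Assumes the root file server is posted at #s/boot and auth/newns takes -n.
rfork en		# private env group and our own copy of the name space
ns=/tmp/minns.$pid
# Lines below are namespace(6) syntax; newns expands $rootspec and $cputype.
# Anything not bound here is simply absent for the confined process:
# no /net, no /srv, no /dev, no /usr, no other users' directories.
echo '# minimal name space, deliberately narrower than /lib/namespace' > $ns
echo 'mount -aC #s/boot /root $rootspec' >> $ns
echo 'bind /root/$cputype/bin /bin' >> $ns
echo 'bind -a /root/rc/bin /bin' >> $ns
echo 'bind #p /proc' >> $ns
echo 'bind #d /fd' >> $ns
echo 'bind -c #e /env' >> $ns
echo 'bind -c /root/usr/glenda/work /mnt' >> $ns	# assumed: the only data the job needs
if(~ $#* 0){
	echo usage: $0 cmd args ... >[1=2]
	exit usage
}
auth/newns -n $ns $*
status=$status
rm $ns
exit $status
```

Before trusting the file for real work, run it with ns(1) as the command (`minns ns`) and read back what the confined process actually sees; that is the cheap check against the "built the environment wrong the first few times" problem. Note what the script does not do: the command can still fork, allocate memory and use pids exactly as before, because a name space limits what a process can reach, not how much it can consume, which is the resource-exhaustion gap the message points out.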