From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from felloff.net ([199.191.58.38]) by pp; Wed May 20 16:35:01 EDT 2015
Message-ID: <2c054e0c3296713f66537c623a082f73@felloff.net>
List-ID: <9front.9front.org>
X-Glyph: ➈
X-Bullshit: injection browser optimizer
Date: Wed, 20 May 2015 22:34:51 +0200
From: cinap_lenrek@felloff.net
To: 9front@9front.org
Subject: Re: [9front] proposal: disable most of /rc/bin/services/tcp* by default
In-Reply-To: <A6221413-9A09-4E9F-BFB9-6F517CD3FB2C@9.offblast.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

i'm not against this, but what exactly is the problem? its not like
these services are usable unless you have an actual account on the 
auth server (and created a mailbox for the user in case of imap/pop3).

this is not like unix where services run as "root" and then impersonate
some user on the system, but they start as "none" and cant do anything
(even if there are bugs) unless the user authenticates.

if you have an account, then you can as well cpu in and run commands.

what we really want is a authorization scheme that would allow us to
grant a user the services he can use on the system. right now its
a all or nothing. if you have an account you can use every service
in the network.

--
cinap