From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=T_SCC_BODY_TEXT_LINE
	autolearn=ham autolearn_force=no version=3.4.4
Received: (qmail 17073 invoked from network); 28 May 2022 19:43:34 -0000
Received: from 9front.inri.net (168.235.81.73)
  by inbox.vuxu.org with ESMTPUTF8; 28 May 2022 19:43:34 -0000
Received: from mimir.eigenstate.org ([206.124.132.107]) by 9front; Sat May 28 15:42:08 -0400 2022
Received: from stockyard (ue.tmodns.net [172.58.230.182])
	by mimir.eigenstate.org (OpenSMTPD) with ESMTPSA id 8de55e79 (TLSv1.2:ECDHE-RSA-AES256-SHA:256:NO)
	for <9front@9front.org>;
	Sat, 28 May 2022 12:41:57 -0700 (PDT)
Message-ID: <FA4FA4789598BE723F7D8E68D7D8AA37@eigenstate.org>
To: 9front@9front.org
Date: Sat, 28 May 2022 15:41:53 -0400
From: ori@eigenstate.org
In-Reply-To: <6D0CAE9C3EDDCF15EF90F526821E14E6@smtp.pobox.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
List-ID: <9front.9front.org>
List-Help: <http://lists.9front.org>
X-Glyph: ➈
X-Bullshit: converged CMS blockchain ActivityPub database factory 
Subject: Re: [9front] git: use new /dev/drivers for privdrop
Reply-To: 9front@9front.org
Precedence: bulk

Quoth unobe@cpan.org:
> For example, say I want a sandboxing area for people to "try 9front".
> With moody's recent work, it removes a big attack vector by
> restricting certain drivers.  But isn't it still possible to fork-bomb
> a server, or to just cause unnecessary churn (i.e., computation), or
> just open too many files, or fill a disk?

Yes.

I'm not aware of anyone trying to protect against denial of
service with shared resources. This work mostly is about
preventing data leakage.