From mboxrd@z Thu Jan  1 00:00:00 1970
From: dot@dotat.at (Tony Finch)
Date: Mon, 25 Sep 2017 16:45:49 +0100
Subject: [TUHS] UNIX of choice these days?
In-Reply-To: <20170925005702.38377156E523@mail.bitblocks.com>
References: <c38ba7b5-e867-93a3-14a2-c61c90bb49b5@kilonet.net>
 <alpine.BSF.2.21.1709201036150.89458@aneurin.horsfall.org>
 <20170923091704.GD10152@darioniedermann.it>
 <CANuZA8QHNn=6Gg-Sm20s-0PSsS7y26c=uNbNETUX74Tx1A=DWQ@mail.gmail.com>
 <CALMnNGgMSmqQ56r7xTRNdrDYfRiMieQ48kuZfWtSKd+yjmP2tg@mail.gmail.com>
 <CAP6exYKxC2g06dSRiM8-0BLN08AEWyO-8a0VAcy3vP4H3-8o8A@mail.gmail.com>
 <20170924140617.GG28606@mcvoy.com> <20170924203621.GA80203@wopr>
 <49B7FCB8-A086-4FFB-AF3B-4B3BD167EC54@bitblocks.com>
 <alpine.BSF.2.21.1709250934460.89458@aneurin.horsfall.org>
 <20170925005702.38377156E523@mail.bitblocks.com>
Message-ID: <alpine.DEB.2.11.1709251642450.22527@grey.csi.cam.ac.uk>

Bakul Shah <bakul at bitblocks.com> wrote:
>
> I think a few changes can make Unix much more plan9 like.
> Things like: file descriptors are actually capabilities (or
> handles, for short) and each process starts with a set of
> handles and it can only reach those resources that its handles
> allow. It can also gain new handles via operations on existing
> handles. Right here you can see that a process is already
> sandboxed. You don't need containers or jails!

You can opt-in to this way of working by using the capsicum API,
http://www.cl.cam.ac.uk/research/security/capsicum/
but that's really intended for programs to discipline themselves rather
than as something pervasive.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Portland, Plymouth, Biscay: Northwest 4 or 5, becoming variable 3 or 4 later.
Moderate or rough, becoming slight or moderate. Mainly fair. Moderate or good.