[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: inheritable file system objects, part 1: security

On Feb 17, 16:21, Rob Rodgers wrote:
> [...]
> And if I was running any number of operating systems, I could test that
> program in a user account with reduced permissions.  The truth is,
> consumers aren't going to put up with that nonsense -- theyo're going to
> put their files wherever is convenient, which doesn't include playing
> security games.
> : Inferno will not be any safer in practice than anything else.
(^^^^ who said that?  was that you, Rob?)


Plan 9/Inferno is distinct from traditional systems in that
you can prevent applications from accessing any or all system resources.
While UNIX processes may be run as non-root that does not prevent
access to the network, for instance.  Chroot may be used for filesystems
at some serious inconvenience.