
Re: inheritable file system objects, part 1: security

> Plan 9/Inferno is distinct from traditional systems in that
> you can prevent applications from accessing any or all system resources.
> While UNIX processes may be run as non-root that does not prevent
> access to the network, for instance.  Chroot may be used for filesystems
> at some serious inconvenience.

I understand that.  I'm saying that as far as consumer devices go, from a
real-world point of view, it doesn't matter.  For techie users, most of the
capability is available today (I consider FS security critical -- accessing
my network is interesting, but if it were a priority it would already be
here).

For non-techies, *nothing* can help them.

Let's face it.  If Inferno ends up in set-top boxes, or penpads, or any
other consumer device, people are going to set it up once and once only,
then go ahead and use it.  They are NOT going to restrict access to
resources, unless it's completely automatic.

If it is automatic, it had better not even begin to get in their way.
We're talking about people who would be pushing the envelope just to sort
their files into sub-directories.

There is no way this kind of set-up is going to protect people from
malicious programs.

This doesn't knock Inferno, incidentally.  The point is, security is not
going to be a compelling sales pitch.  Even Sun was swift enough to
recognize that almost no-one outside of techies actually cared about
ActiveX vs. Java security issues and stop pushing security and start
pushing portability (such as it is) for Java.

*I* care about security, but I think people who are promoting
Inferno/whatever as a solution to the security problem when downloading
unknown programs aren't really thinking through how such systems will be
used in the real world.

RSR