> That said, I don't disagree. Perhaps Plan 9's environment hasn't been
> assumed to contain malicious users. Which brings up the question: Can
> Plan 9 be safely run in a potentially malicious environment?  Based on
> this argument, no, it cannot. Since I want to run Plan 9 in this sort
> of environment (and thus move away from that assumption), I want to
> address these problems, and I kind of feel like it's weird to be
> essentially told, ``Don't do that.''

If you were trying to run Plan 9 on systems that were allowed
to flip 1% of the bits in memory at random each day, we'd tell
you "don't do that" too.

Linux and FreeBSD and OS X can't be run in the kind of
environment you describe either.  If people are being malicious
and trying to take down the system, the right fix is to kick them off.

If you want true isolation between the users you should give
them each a VM, not a Plan 9 account.

Russ
