> What if the trojan broke out of that sandbox? Or knows how to > import other parts of the namespace into its process? Namespaces > on Plan 9 are nice, but they absolutely do not constitute a safe > sandbox. Boo easy answers.
i know that you know about RFNOMNT; but sure there could be a kernel bug or more likely a bug in the sanxbox code. that would be a flaw, not a malicious trojan horse put in - presumably by the author of the sandbox?! - for that purpose. any scheme has its holes which are usually exposed by random events. what's the cost of security and what's the worth of the data? i have decided that my data security doesn't have to be the best, just better than what the smartest cracker can crack. if, for example, the nsa or the cia is interested in my data then i have to assume they already have it. > Making a parallel between your workplace environment and a network > security environment is a dangerous thing. Have you ever seen a > little green blob with one eye stuck to the top of your coworker's > head, controlling your coworker's thoughts and actions? Get back > to me when you do :-) do you really know the mental state of each of your coworkers at all time? it doesn't have to be a green blob. it's called life. even at the cia where one would assume they have the means and the need to monitor every employee, there have been many cases of analysts becoming spies for foreign powers for a variety of personal reasons. that's data security too. if you don't grow all your own food or if you've ever eaten at a restaurant, you're an implicitly trusting person. you'll just have to trust us :)
