On Thu, 24 Jul 2008, Kostik Belousov wrote:
> > Lots of people care a lot about plan9. The problem is that it's a lot like
> > UNIX. UNIX presupposes lots of special-purpose applications doing rather
> > specific and well-defined things, and that is a decreasingly accurate
> > reflection of the way people write applications. All these security
> > extensions get extremely messy the moment you have general-purpose
> > applications that you want to be able to do some things some times, and
> > other things other times, and where the nature of the protections you want
> > depends on, and changes with, the whim of the user. The complex structure
> > of modern UNIX applications doesn't help (lots of dependent libraries,
> > files, interpreters, etc), because it almost instantly pushes the package
> > dependency problem into the access control problem. I don't think it's
> > hopeless, but I think that any answer that looks simple is probably wrong
> > by definition. :-)
>
> I think that the per-process namespaces are useful, and can be added to the
> existing Unix model with quite favourable consequences. On the other hand, I
> do not think that security is the most important application of the
> namespaces, or even has a direct relation to it.
>
> Implementing namespaces for FreeBSD looks like a doable and quite interesting
> project to me :).
Sounds good to me :-).
As with all such projects (variant symlinks, process-local name spaces, etc),
do be very careful about security -- often as not, such projects risk tripping
over problems with privilege-escalated processes, such as setuid binaries,
etc, which place strong trust in the file system name space.
Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
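The trap Robert describes, as an added example that is not code from the thread, from FreeBSD, or from any variant-symlink implementation: a toy resolver expands `%{NAME}` variables in a path, the way a variant symlink or per-process name space would. The unsafe form takes the variable table from whoever controls the process environment, so a user can steer a setuid binary's fixed path (`/lib/%{ARCH}/libc.so` below) anywhere they like. The hardened form consults only a system-owned table when the process is privileged. The variable names, the table contents and the `privileged` flag are constructed for the example; in a real program that flag would come from issetugid(2) on FreeBSD or getauxval(AT_SECURE) on Linux.

```c
/* Added example: variant-path expansion and the setuid trust problem.
 * Not FreeBSD code; tables and paths below are constructed test data. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_MAX_LEN 512

/* A variable table: stand-in for per-process name-space state. */
struct var {
    const char *name;
    const char *value;
};

/* Look up `name` (length `len`, not NUL-terminated) in one table. */
static const char *lookup(const struct var *vars, size_t n,
                          const char *name, size_t len)
{
    for (size_t i = 0; i < n; i++)
        if (strlen(vars[i].name) == len && memcmp(vars[i].name, name, len) == 0)
            return vars[i].value;
    return NULL;
}

/* Expand every %{NAME} in `in` into `out`, consulting `primary` first and
 * `fallback` second (either may be empty). Returns 0 on success, -1 on an
 * unterminated or unknown variable, or if the result would not fit. */
static int expand(const char *in,
                  const struct var *primary, size_t nprimary,
                  const struct var *fallback, size_t nfallback,
                  char *out, size_t outsz)
{
    size_t o = 0;
    const char *p = in;

    while (*p) {
        if (p[0] == '%' && p[1] == '{') {
            const char *name = p + 2;
            const char *end = strchr(name, '}');
            if (!end)
                return -1;
            size_t len = (size_t)(end - name);
            const char *v = lookup(primary, nprimary, name, len);
            if (!v)
                v = lookup(fallback, nfallback, name, len);
            if (!v)
                return -1;
            size_t vl = strlen(v);
            if (o + vl >= outsz)
                return -1;
            memcpy(out + o, v, vl);
            o += vl;
            p = end + 1;
        } else {
            if (o + 1 >= outsz)
                return -1;
            out[o++] = *p++;
        }
    }
    out[o] = '\0';
    return 0;
}

/* Unsafe: the caller's (i.e. the user's) table is trusted unconditionally.
 * Run inside a setuid binary, this lets the invoking user choose which file
 * a privileged open() actually hits. */
int resolve_unsafe(const char *path, const struct var *user_vars, size_t nuser,
                   char *out, size_t outsz)
{
    return expand(path, user_vars, nuser, NULL, 0, out, outsz);
}

/* Hardened: when the process is privileged (issetugid(2) on FreeBSD,
 * getauxval(AT_SECURE) on Linux; passed in here as a flag so the example
 * runs anywhere), user-supplied variables are ignored and only the
 * system-owned table is used. Unprivileged processes may customise freely;
 * they can only hurt themselves. */
int resolve_hardened(const char *path, int privileged,
                     const struct var *sys_vars, size_t nsys,
                     const struct var *user_vars, size_t nuser,
                     char *out, size_t outsz)
{
    if (privileged)
        return expand(path, sys_vars, nsys, NULL, 0, out, outsz);
    return expand(path, user_vars, nuser, sys_vars, nsys, out, outsz);
}

int main(void)
{
    /* Constructed tables: system default vs. an attacker-controlled value. */
    const struct var sys_vars[]  = { { "ARCH", "amd64" } };
    const struct var user_vars[] = { { "ARCH", "../../tmp/evil" } };
    const char *path = "/lib/%{ARCH}/libc.so";
    char buf[PATH_MAX_LEN];

    resolve_unsafe(path, user_vars, 1, buf, sizeof buf);
    printf("unsafe, setuid:      %s\n", buf);   /* attacker-chosen directory */
    resolve_hardened(path, 1, sys_vars, 1, user_vars, 1, buf, sizeof buf);
    printf("hardened, setuid:    %s\n", buf);   /* system default wins */
    resolve_hardened(path, 0, sys_vars, 1, user_vars, 1, buf, sizeof buf);
    printf("hardened, unprivileged: %s\n", buf); /* user's own choice */
    return 0;
}
```

The design point is not the string substitution but where the table comes from: any name-space feature that lets an unprivileged parent shape what a privileged child sees needs the same gate, and the gate must be applied before the first path lookup the privileged code performs, including the dynamic linker's.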