From: "Anssi Porttikivi" <anssi.porttikivi@tel...>
Subject: Re: [9fans] Inferno plug-in security
Date: Wed, 20 Jun 2001 15:01:05 +0300

<anothy@cos...> wrote in message news:<20010619171302.3531519A05@mai...>...
> //the basic idea in all Plan 9 and Inferno is, that even network connections
> //are services offered by directories which are called "file systems"
> ...
>different users have different permissions to different
> things, right? we can tell these users are different people because they have a
> certain key/passwd/response. without signing on a dis module, we face two
> problems, both of which exist in any system with no authentication...

Certainly, you are right. But the first and easy step for Inferno plug-in security is to let the Web browser user decide what "objects" are bound to the name space. Implementing or installing a good selection of inheritance hierarchy of "directory objects", the user can choose at will, and interactively, at the precision of his liking, what the plug-in is EXACTLY allowed to do.

Besides, it would be fairly easy to allow the user to configure different Inferno user ids and choose which identity a plug-in is allowed to use.

Of course there will be a further, advanced need for module signing. That is why module signing was designed to be part of Inferno. But in Inferno/Plan 9 you can have exact control over the set of resources an untrusted module is allowed to access. Not a sandbox, but a custom-built playing field buildable with "bind -a".
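The idea in the message above, sketched as a small Python model added here for illustration (it is not Inferno code and not part of the original post): a name space is a table of mount points, `bind -a` appends to a union, and a plug-in can only name what the user chose to bind. The `Service` and `Namespace` classes, the `build_field` helper and all paths are constructed assumptions.

```python
MREPL, MBEFORE, MAFTER = range(3)   # replace, "bind -b", "bind -a"


class Service:
    """A file tree offered by some resource (constructed stand-in for a file server)."""
    def __init__(self, name, files):
        self.name, self.files = name, set(files)


class Namespace:
    """Per-plug-in view: mount point -> ordered union of services."""
    def __init__(self):
        self.mounts = {}

    def bind(self, service, point, flag=MREPL):
        union = self.mounts.setdefault(point, [])
        if flag == MREPL:
            union[:] = [service]
        elif flag == MBEFORE:
            union.insert(0, service)
        else:                           # MAFTER: searched after existing members
            union.append(service)

    def resolve(self, path):
        """Name of the service answering `path`, or None if nothing is bound there."""
        for point in sorted(self.mounts, key=len, reverse=True):
            prefix = point.rstrip("/") + "/"
            if path.startswith(prefix):
                rest = path[len(prefix):]
                for service in self.mounts[point]:   # union order decides the winner
                    if rest in service.files:
                        return service.name
                return None
        return None                     # unbound names simply do not exist


def build_field(allow_network):
    """The 'playing field' for an untrusted plug-in, assembled from user choices."""
    ns = Namespace()
    ns.bind(Service("scratch", {"notes.txt"}), "/tmp")
    ns.bind(Service("fonts-ro", {"lucida.font"}), "/fonts")
    ns.bind(Service("user-fonts", {"lucida.font", "extra.font"}), "/fonts", MAFTER)
    if allow_network:                   # the network is just another directory
        ns.bind(Service("tcp-stack", {"tcp/clone"}), "/net")
    return ns
```

In this model, denying network access needs no filter rule: `/net` is absent from the plug-in's name space unless it was bound.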