[TUHS] UNIX of choice these days?
Tony Finch
dot at dotat.at
Tue Sep 26 01:45:49 AEST 2017
Bakul Shah <bakul at bitblocks.com> wrote:
>
> I think a few changes can make Unix much more plan9 like.
> Things like: file descriptors are actually capabilities (or
> handles, for short) and each process starts with a set of
> handles and it can only reach those resources that its handles
> allow. It can also gain new handles via operations on existing
> handles. Right here you can see that a process is already
> sandboxed. You don't need containers or jails!
You can opt-in to this way of working by using the capsicum API,
http://www.cl.cam.ac.uk/research/security/capsicum/
but that's really intended for programs to discipline themselves rather
than as something pervasive.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Portland, Plymouth, Biscay: Northwest 4 or 5, becoming variable 3 or 4 later.
Moderate or rough, becoming slight or moderate. Mainly fair. Moderate or good.
More information about the TUHS
mailing list