Hacker News new | past | comments | ask | show | jobs | submit login

This was first explained by the capability security community. Plan 9's private nameapaces is an approach to capability secure file systems, with the default being the empty namespace. I'm surprised the article didn't mention Plan 9 actually since it discusses capabilities.



I just realised it's 2019 and capabilities are still misunderstood, and the ACL-capability-equivalency myth continues to result in poor solutions to security problems.

For anybody who is curious, the general problem here is described in two great papers as "the confused deputy" [1] and "designation without authority" [2].

Roughly put, systems built with ACLs as the primitive mechanism for authorization can never produce practically secure systems.

[1] http://zoo.cs.yale.edu/classes/cs422/2010/bib/hardy88confuse...

[2] http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf


I fear that it's because we don't know how to make globes. [0]

[0] https://corbinsimpson.com/words/globe.html


Reading that felt surprisingly familiar! I pottered about for 2 years trying to build a GUI for a Globe-based world and gave up.


Plan 9 is mentioned in the article that this one is a follow-on to.


Plan 9 was mentioned but dismissed as "bizarre and unwieldy" (FWIW, I have no opinion on this). Based on what I read, the author is probably not aware of modern capability-based security research and would benefit from exploring the space further as he appears to be re-discovering some of the concepts but is missing a clear understanding of the broader problems.




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: