[HN Gopher] Security in Plan 9 (2002)
___________________________________________________________________
Security in Plan 9 (2002)
Author : jsfcoding
Score : 120 points
Date : 2022-09-28 12:29 UTC (10 hours ago)
(HTM) web link (9p.io)
(TXT) w3m dump (9p.io)
| johndoe0815 wrote:
| Interesting related topic - Inferno OS security, discussed in
| this Phrack magazine article: http://phrack.org/issues/58/12.html
| neonate wrote:
| https://archive.ph/FemdD
|
| https://web.archive.org/web/20220403200715/https://9p.io/sys...
| tyingq wrote:
| The 9p filesystem lives on in a few "modern" places, like within
| WSL, QEMU, and other places where it's a good bridge between a
| host OS and container or VM.
| michael-ax wrote:
| unless i have done it hopelessly wrong, you may be overstating
| it a little bit by calling it good.
|
| virtfs is the good one, not 9p.
| stonogo wrote:
| virtfs USES 9p.
| spijdar wrote:
| I think GP meant to say (the extremely confusingly named)
| virtio-fs, as opposed to virtfs/9pvirtio.
|
| Virtio-fs is independent of 9P and has optional support for
| using shared memory to greatly increase performance, it
| also maps better to the permissions and metadata of
| "modern" filesystems IIRC, not sure if 9pvirtio had this
| problem but I remember coworkers having permissions
| problems with the 9P bridge in WSL2 (Plan9's permission
| system is very simple and doesn't map well to other VFS's)
| MisterTea wrote:
| > Plan9's permission system is very simple and doesn't
| map well to other VFS's
|
| Plan 9 is a pure VFS OS. 9p uses regular unix permissions
| which map just fine. The major issue is that since plan 9
| is all vfs, there are no crufty unix leftovers like
| hidden dot files or hard/soft links. User specific
| configuration files belong in $user/lib and bind replaces
| hacky links. These old unix hacks were accommodated in
| 9p2000.u. Further extensions to .u resulted in 9p2000.L
| which adds some Linux metadata stuff (I can't remember
| right now, my memory of 9p2000.u/L is fading).
| anderspitman wrote:
| Unfortunately it's not implemented for Windows hosts. There's a
| patch in the works but the review of the first submission came
| back with a lot of requested changes. They're planning another
| submission though so hopefully it makes it in.
| codemac wrote:
| ChromeOS uses it as well to proxy files between containers.
| macshome wrote:
| Apple added support just in 2019! man mount_9p
| buildbot wrote:
| Huh, could one use this instead of NFS then?
| butterisgood wrote:
| If you don't like performance very much - sure :-).
| sva_ wrote:
| The site seems to be down.
| rany_ wrote:
| Hosted on a plan9 system
| butterisgood wrote:
| And? One can run a not-so-scalable web server on any OS last
| time I checked.
| davidjfelix wrote:
| Ease up, I'm quite sure it was a joke.
| krossitalk wrote:
| It would have been funny for a blip but this has been front
| page for >6 hours and it's still down
| gaetgu wrote:
| It seems to go down every time something on it is submitted to
| Hacker News. Give it a few hours and try again.
| kincl wrote:
| Yeah I couldn't access it either, Wayback archive:
| https://web.archive.org/web/20220403200715/https://9p.io/sys...
| calvinmorrison wrote:
| Here ya go
|
| http://git.9front.org/plan9front/plan9front/e938acc8ff64a3cb...
| MisterTea wrote:
| Weird to link to the raw troff. Once you install 9front or
| plan 9, you run mk in /sys/doc to render into readable
| ps/pdf/html documents.
| pjmlp wrote:
| That is the best security.
| Ensorceled wrote:
| Next up in the blog schedule: "Performance and Scaling in
| Plan 9"
| butterisgood wrote:
| I'd actually love to see such a paper. Plan 9 threading is
| more like coroutines, but it is certainly possible to run
| multi-core/multi-process code.
|
| That said, I can't say I've seen anyone try to write
| anything that scales like nginx on Plan 9. That doesn't
| mean it hasn't happened, I've just not seen anyone talk
| about it too much.
|
| It did run on IBM's Blue Gene for a bit
| (https://www.usenix.org/legacy/event/usenix07/posters/vanhens...)
| but as you
| can see that was some 15 years ago, and I'm not sure we're
| talking about anything even remotely similar to a single
| computer handling tons of concurrent connections.
|
| Plan 9 can also run Go binaries, but, again, not really
| sure we're talking about the same thing as nginx-level
| scale.
| p_l wrote:
| Plan9 libthread is literally goroutines just without the
| syntax sugar - up till version 1.5, golang shipped
| a significant chunk of Plan9 standard library with itself.
| It's also where the saner networking interface came from,
| as Plan9 was to support networking from start, not depend
| on quick and dirty port of non-Unix stack like BSD
| Sockets
| MisterTea wrote:
| > I'd actually love to see such a paper. Plan 9 threading
| is more like coroutines, but it is certainly possible to
| run multi-core/multi-process code.
|
| Rob Pike was one of the main developers behind plan 9 and
| Go and involved in concurrent programming research
| focusing on CSP.
|
| Multi-processing was a main focus of plan 9's design and
| it works well as procs are cheap to spawn on plan 9.
| Procs are also the smallest unit of execution on plan 9,
| threads are just lightweight procs with a shared heap to
| pass pointers around. Thread stacks can also be shared as
| well by being allocated on the heap via fork(2) RFMEM
| flag (it's all done with malloc in the background).
|
| The issue with vanilla (aka labs or legacy) plan 9 is
| there is a hard coded limit of 2k procs statically
| allocated at boot. This was a pragmatic design decision.
| The unfortunate side effect is vanilla plan 9 falls over
| under any sort of work load requiring spawning lots of
| procs like handling web requests. This is actively being
| worked on by 9front developers so sites hosted on 9front
| should hold up better (patches welcome :-).
|
| > That said, I can't say I've seen anyone try to write
| anything that scales like nginx on Plan 9.
|
| Because you really don't need those big web serving
| monoliths on plan 9. You wire things up using rc scripts
| and programs like execfs (implements cgi) plus
| httpd/tcp80 or another web serving listener and sandbox
| code using namespaces. Plan 9 is more true to unix
| philosophy and more unix than unix. (edit: execfs is
| experimental but available on shuthub.us along with other
| webstuff like tcp80)
| MisterTea wrote:
| Already done.
|
| https://orib.dev/9hack1.html
| ori_b wrote:
| Still WIP. We're not yet at a million useful procs.
| MisterTea wrote:
| Ah, by "Already done" I was referring to the fact that
| your blog post exists and addresses the performance
| issues :-)
| Bayart wrote:
| Plan 9 seems to be disproportionately influential for an OS
| nobody who's not into systems engineering has ever heard about.
| bear8642 wrote:
| to be fair, it's where UTF-8 debuted
| enriquto wrote:
| and /proc
|
| Unfortunately, kids these days seem to be afraid of files.
| For a hardcore unix fan, curl and wget are useless tools when
| you can just cat /www/url
| ithkuil wrote:
| It seems nice on a first glance. But how do you set
| headers and content type for example?
| oneplane wrote:
| You echo the request into /www/url and cat the response
| from it
| enriquto wrote:
| or even better, to avoid state, the url "file" is
| executable and you pipe through it:
| /www/url < request > answer
| theamk wrote:
| that already exists, the command is "wget -i - -o -"
| stusmall wrote:
| How does it know where to send it? Does it just assume it
| should use the contents of the Host header and send the
| request there or is the "url" in your path the
| destination? Does it support things like SNI?[1] Can you
| spoof that? Does it expect clients to parse out the raw
| output of the HTTP response? I have so many questions.
| From a quick glance this seems a lot harder to work with
| than curl for both trivial and non-trivial uses.
|
| I tried to find docs on it, but couldn't. If you could
| link me to some, I'd appreciate it.
|
| [1] After posting this I remember like a doofus this is
| an OS from the 90s. Of course it doesn't. But a similar
| question could be asked about any other TLS level
| setting. That's just one I've had to spend more time
| debugging using curl in the past.
| seiferteric wrote:
| To be fair you'd probably end up with a tool like curl
| just for setting all the options and headers, but it
| would just be a wrapper around sending the request to the
| url file. Just like there are tools for reading and
| parsing files in /proc.
| anderspitman wrote:
| > kids these days seem to be afraid of files
|
| Sad but true. Android and iOS are the worst offenders I've
| seen. They're apparently trying to completely get rid of
| the concept of files altogether, which is really
| unfortunate for anyone wanting to build cool stuff on those
| platforms.
|
| I understand there can be security benefits but at what
| cost.
| saagarjha wrote:
| /proc is cute for manual tasks but utterly broke as an API
| due to inherent races and issues passing context around.
| pengaru wrote:
| /proc predates plan9, plan9 just made it hierarchical
|
| https://en.wikipedia.org/wiki/Procfs#History
| xani_ wrote:
| It's mostly coz some people that worked on it went to big
| companies. Go being one example.
| linguae wrote:
| It's a similar story with the Self programming language
| (https://en.wikipedia.org/wiki/Self_(programming_language)).
| There are many software engineers and computer scientists who
| never heard of Self, but Self's prototype-based approach to
| object-oriented programming had a major influence on
| JavaScript, and a lot of the work done on making fast virtual
| machines for Self made it in the Java Virtual Machine.
| pwinnski wrote:
| When it was first announced, it wasn't clear it would end up
| being so esoteric, but I remember that Ken Thompson, Dennis
| Ritchie, and Rob Pike were working on it, and maybe Brian
| Kernighan too?
|
| Timing-wise, it was too late for what they ended up doing, but
| anything all those people worked on is bound to have some
| interesting ideas.
|
| It's been weird watching the rise of iOS loosen the reliance
| on, or even awareness of, files, when 9P was all about files.
| Files for everything!
___________________________________________________________________
(page generated 2022-09-28 23:01 UTC)