On Sun, Aug 03, 2003 at 02:14:14AM -0700, Bruce J.A. Nourish wrote:
> * FreeBSD's jail(2) feature
> 
>   This seems to be a useful tool in the wild: a recent Netcraft survey
>   made the point that an increasing number of websites are served by
>   shared hosting, and that FreeBSD was notably popular in this regard.

  Time spent bringing jail(2)-like functions to NetBSD just seems like
  procrastination, when capabilities will subsume the protections provided
  by both jail(2) and systrace. There is an adequate description of a
  capability system at the website for EROS, www.eros-os.org.

  BTW, "grid (super)computing" is all the rage these days, and one of
  the big problems in grid (super)computing is to run arbitrary binaries
  on many computers with dissimilar architectures, without exposing the
  computers to risk from trojan horses or badly behaved programs. Existing
  solutions are neither very fast nor very secure because they depend
  on Java for its bytecode portability and security. I think that
  a research proposal that involves adding capabilities to a robust
  and highly-portable network operating system, NetBSD, so that it can
  compile and run binaries natively without risk, stands a really good
  chance of winning funds from the National Science Foundation.

Dave

-- 
David Young             OJC Technologies
dyoung@ojctech.com      Urbana, IL * (217) 278-3933