From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Sat, 3 Jan 2009 13:56:36 -0800 From: "Roman V. Shaposhnik" In-reply-to: To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Message-id: <1231019796.11463.212.camel@goose.sun.com> MIME-version: 1.0 Content-type: text/plain Content-transfer-encoding: 7BIT References: Subject: Re: [9fans] directly opening Plan9 devices Topicbox-Message-UUID: 76afc35c-ead4-11e9-9d60-3106f5b1d025 On Sat, 2009-01-03 at 16:46 -0500, erik quanstrom wrote: > > while replying to Nathaniel's post it dawned on > > me that something like this: > > open("#c/cons", OWRITE|OCEXEC); > > completely breaks the paradigm of namespaces. > > > > IOW, if I wanted to construct a namespace with > > a specially crafted server offering /dev/cons, > > the above would easily break out of that jail. > > see RFNOMNT in rfork(2). Did you see the example I provided in the original email? "rfork m" is *exactly* RFNOMNT. And it doesn't seem to work for one simple reason: RFNOMNT doesn't restrict bind(2). So the question still stands. Thanks, Roman.