From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Sat, 3 Jan 2009 14:40:24 -0800 From: "Roman V. Shaposhnik" In-reply-to: <5815b4f0a81ae76e01b8987ae27bdb31@quanstro.net> To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Message-id: <1231022424.11463.231.camel@goose.sun.com> MIME-version: 1.0 Content-type: text/plain Content-transfer-encoding: 7BIT References: <5815b4f0a81ae76e01b8987ae27bdb31@quanstro.net> Subject: Re: [9fans] directly opening Plan9 devices Topicbox-Message-UUID: 76dabaf8-ead4-11e9-9d60-3106f5b1d025 On Sat, 2009-01-03 at 17:03 -0500, erik quanstrom wrote: > > Did you see the example I provided in the original > > email? "rfork m" is *exactly* RFNOMNT. And it doesn't > > seem to work for one simple reason: RFNOMNT doesn't > > restrict bind(2). > > these are exceptions. from port/chan.c: > > case '#': > nomount = 1; > up->genbuf[0] = '\0'; > n = 0; > while(*name != '\0' && (*name != '/' || n < 2)){ > if(n >= sizeof(up->genbuf)-1) > error(Efilename); > up->genbuf[n++] = *name++; > } > up->genbuf[n] = '\0'; > /* > * noattach is sandboxing. > * > * the OK exceptions are: > * | it only gives access to pipes you create > * d this process's file descriptors > * e this process's environment > * the iffy exceptions are: > * c time and pid, but also cons and consctl > * p control of your own processes (and unfortunately > * any others left unprotected) > */ > n = chartorune(&r, up->genbuf+1)+1; > /* actually / is caught by parsing earlier */ > >>>> if(utfrune("M", r)) > >>>> error(Enoattach); > >>>> if(up->pgrp->noattach && utfrune("|decp", r)==nil) > error(Enoattach); > t = devno(r, 1); > if(t == -1) > error(Ebadsharp); > c = devtab[t]->attach(up->genbuf+n); > break; > > the first two indicated lines are redundant. > i'm not so sure about any of the exceptions. Two comments: 0. First of all, thanks for the code snippet. I'm so used to Plan9 having as little exceptions as possible and being very well documents that I sometimes forget to look for the source. 1. This better be documented in the man pages, if you ask me. And finally, I'd say having these exceptions is a mistake. Unless, there's a really good reason, they break the paradigm of RFNOMNT quite needlessly without even a hint of a benefit. Anybody disagrees? Thanks, Roman.