From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_ZEN_BLOCKED_OPENDNS,URIBL_DBL_BLOCKED_OPENDNS, URIBL_ZEN_BLOCKED_OPENDNS autolearn=ham autolearn_force=no version=3.4.4 Received: from txout-a4-smtp.messagingengine.com (txout-a4-smtp.messagingengine.com [103.168.172.227]) by inbox.vuxu.org (Postfix) with ESMTP id 4413D24D80 for ; Sun, 14 Dec 2025 05:26:41 +0100 (CET) Received: from localhost.localdomain (phl-topicbox-01.internal [10.202.2.219]) by mailtxout.phl.internal (Postfix) with ESMTP id C22911C0173 for ; Sat, 13 Dec 2025 23:26:40 -0500 (EST) ARC-Authentication-Results: i=2; topicbox.com; arc=pass; dkim=none (no signatures found); dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=fjrhome.net; spf=pass smtp.mailfrom=fde101@fjrhome.net smtp.helo=mx3596.can1.mymailhosting.com; x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message has been altered)) (Message modified while forwarding at Topicbox) ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=message-id:date:mime-version:to:references:from :in-reply-to:content-type:content-transfer-encoding:list-help :list-id:list-post:list-subscribe:reply-to:subject :list-unsubscribe; s=sysmsg-1; t=1765686400; bh=fDnPpyWQvimkBRq2 hGlh7B1+d/xmmGj73OelPc9XV3c=; b=ZPU/AN2LPsTHq+nzKZFfLnjlG6W11ZPp laB//xcejCgMsYSOtUk5j9WvaI990OyEDYcmaB79+JMkpXfYGW+OjM9SoYZWpIX8 nduRxOS2WchQFccNnStwBZrAIrMJROJWoRzwoHOgylWVYKSpYK//bDrzjoa6xqIe NBUfNO3iRC0= ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=topicbox.com; s=sysmsg-1; t= 1765686400; b=DbhX3+ADFSCM4yHYHxlnSaKoWioLL78WvNFM3NXOu7w8zjNEH+ w6pVNspRwaBhcJ4gi2CMufBqlkTyrPI0hQ1ZAUEVrmswvYss0IHFA4cT5TbW8WKm HxcTuLJSeZ+4SEuEpKV8pMdFRzJYc3g9soOnGRvrrwX08QNfDhedOvlQQ= Authentication-Results: topicbox.com; arc=pass; dkim=none (no signatures found); dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=fjrhome.net; spf=pass smtp.mailfrom=fde101@fjrhome.net smtp.helo=mx3596.can1.mymailhosting.com; x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message has been altered)) (Message modified while forwarding at Topicbox) X-Received-Authentication-Results: authmilter.topicbox.com; arc=none (no signatures found); bimi=skipped (DMARC did not pass); dkim=none (no signatures found); dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=fjrhome.net; iprev=pass smtp.remote-ip=192.250.237.178 (mx3596.can1.mymailhosting.com); spf=pass smtp.mailfrom=fde101@fjrhome.net smtp.helo=mx3596.can1.mymailhosting.com; x-aligned-from=pass (Address match); x-me-sender=none; x-ptr=pass smtp.helo=mx3596.can1.mymailhosting.com policy.ptr=mx3596.can1.mymailhosting.com; x-return-mx=pass header.domain=fjrhome.net policy.is_org=yes (MX Records found: dpmailbu.doteasy.com,dpmail01.doteasy.com); x-return-mx=pass smtp.domain=fjrhome.net policy.is_org=yes (MX Records found: dpmailbu.doteasy.com,dpmail01.doteasy.com); x-tls=pass smtp.version=TLSv1.3 smtp.cipher=TLS_AES_256_GCM_SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=9fans.net; h=message-id :date:mime-version:to:references:from:in-reply-to:content-type :content-transfer-encoding:list-help:list-id:list-post :list-subscribe:reply-to:subject:list-unsubscribe; s=dkim-1; t= 1765686400; x=1765772800; bh=CCrd+wrx4lvntKOYCtVvYZJBZOKpvZ1Xaj0 8m2VAXGc=; b=lztunhz6bTzy1F1+RGDjfmS7P7hfV8XdRWtPnCmop54Oo0yIXXV xUy2quYP/g3nAWEgslHyGLZ/5Rq/Ub1SGsVEeFb3IcyybQOILSF9A3UeSWLBsvLB u2oHHgRDGdLfgadOAvoNnlAvbUcelnsbs1Qq/5EA28wFVAAabbQlQ82g= Received: from authmilter.topicbox.com (unknown [172.17.0.1]) by mx.topicbox.com (Postfix) with ESMTP id 76FFE35CBF38 for <9fans@9fans.net>; Sat, 13 Dec 2025 21:58:26 -0500 (EST) Received: from mx.topicbox.com (172.17.0.1 [172.17.0.1]) by authmilter.topicbox.com (Authentication Milter) with ESMTP id A84F1A2609D; Sat, 13 Dec 2025 21:58:26 -0500 ARC-Seal: i=1; a=rsa-sha256; cv=none; d=topicbox.com; s=arcseal; t= 1765681106; b=LDeUYsrGpe7ZPgL/g99C8LFcvfnYfQMBVpJNo1wl9MzOPUc0OR ObYQvzNZ+RJ9YPzIylNSIV0hr2YmVG6XAyySvs6sg0xFZUw1RzBAzckgmQz1ZExy WayXPhSXz5Ru6Lms436ZUB1phsdAoVVdzZiJm3vAYmiukPij862DpwjqaSiiB7VX keGKK5lkEgZBSXliks6wbnCAV+etJopoIJlqmV7jFfk3ygMY7JoWzckVRBBeBXzi 0jXQOXAdTX0L69uHxY4ylBnW3iv4tTQkH1qrUzIldIpid5KgMN+fK8sYiMpYyguC rjvp0OPV/6V30nccISwrEZFgOLBKtWnIoMbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=message-id:date:mime-version:subject:to :references:from:in-reply-to:content-type :content-transfer-encoding; s=arcseal; t=1765681106; bh=1HEU+4RX 4Uou09HZyPgDsIXokn4aPV0mR9S3KTLk4fU=; b=ex/dYagC74FfptdfUqA5qosG LPnrYFMBE028PQGjdYXyAv3iXOh3lF7tRwNg9p5QxRwnso4dm9KHLG1PX6pOyNBW 2k0k7vo89uF0WgpFEy6kD+Nid0z3idMXHIGa7IgM2iFs4Q88mS0rkemmxCfFJPKZ CwHkNNym+n8+V2fkIXql3n/PfnRiBdrqnc9Lx/hZ1cm5DtlBggUdwCFf9L97b4g8 +Ju8FPoGXcaLAEAmDjXDpPTHDrZYA/UGXwFIx2poinRc6QIsxCelTrN7Wq6Z7H70 ZZJe2j57Nv9VsgXpCxnDY56RdJCw0u9t3xvueya5xSc0c30iN04OzoXpKb2KOA== ARC-Authentication-Results: i=1; authmilter.topicbox.com; arc=none (no signatures found); bimi=skipped (DMARC did not pass); dkim=none (no signatures found); dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=fjrhome.net; iprev=pass smtp.remote-ip=192.250.237.178 (mx3596.can1.mymailhosting.com); spf=pass smtp.mailfrom=fde101@fjrhome.net smtp.helo=mx3596.can1.mymailhosting.com; x-aligned-from=pass (Address match); x-me-sender=none; x-ptr=pass smtp.helo=mx3596.can1.mymailhosting.com policy.ptr=mx3596.can1.mymailhosting.com; x-return-mx=pass header.domain=fjrhome.net policy.is_org=yes (MX Records found: dpmailbu.doteasy.com,dpmail01.doteasy.com); x-return-mx=pass smtp.domain=fjrhome.net policy.is_org=yes (MX Records found: dpmailbu.doteasy.com,dpmail01.doteasy.com); x-tls=pass smtp.version=TLSv1.3 smtp.cipher=TLS_AES_256_GCM_SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgeefgedrtddtgdefvdektdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhepkfffgg gfuffvfhfhjggtgfesthhqredttddvjeenucfhrhhomhepfdfhrhgrnhhkucffrdcugfhn ghgvlhgmpdculfhrrddfuceofhguvgdutddusehfjhhrhhhomhgvrdhnvghtqeenucggtf frrghtthgvrhhnpeehfffhiefggeelgefgkeegueeufeefiedtvdegvddvieehudeuheef leejveefueenucffohhmrghinhepphhrohhfihhlvgdrsghipdhrvghgshdrsghipdhsvg hgmhgvnhhtrdgsihdptghhrghnrdgsihdpshhtrghtuhhsrdgsihdpthgvgihtrdgsihen ucfkphepudelvddrvdehtddrvdefjedrudejkedpleekrdduudejrdduuddrudefheenuc evlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeduledvrddvhedtrddv feejrddujeekpdhhvghlohepmhigfeehleeirdgtrghnuddrmhihmhgrihhlhhhoshhtih hnghdrtghomhdpmhgrihhlfhhrohhmpeeofhguvgdutddusehfjhhrhhhomhgvrdhnvght qedpnhgspghrtghpthhtohepuddprhgtphhtthhopeeolehfrghnsheslehfrghnshdrnh gvtheq X-ME-VSScore: 0 X-ME-VSCategory: clean Received-SPF: pass (fjrhome.net: Sender is authorized to use 'fde101@fjrhome.net' in 'mfrom' identity (mechanism 'include:_hostingspf.doteasy.com' matched)) receiver=authmilter.topicbox.com; identity=mailfrom; envelope-from="fde101@fjrhome.net"; helo=mx3596.can1.mymailhosting.com; client-ip=192.250.237.178 Received: from mx3596.can1.mymailhosting.com (mx3596.can1.mymailhosting.com [192.250.237.178]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx.topicbox.com (Postfix) with ESMTPS for <9fans@9fans.net>; Sat, 13 Dec 2025 21:58:25 -0500 (EST) X-SmarterMail-Authenticated-As: fde101@fjrhome.net Received: from [192.168.1.95] (pool-98-117-11-135.hrbgpa.fios.verizon.net [98.117.11.135]) by mx3596.can1.mymailhosting.com with SMTP (version=Tls13 cipher=Aes256 bits=256); Sun, 14 Dec 2025 02:58:15 +0000 Message-ID: <167ace73-f1df-49f5-bed0-1682e38a19e3@fjrhome.net> Date: Sat, 13 Dec 2025 21:58:15 -0500 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: 9front@9front.org, 9fans@9fans.net References: <33BB7902D0B6A6B88BE31817F26530D6@eigenstate.org> From: "Frank D. Engel, Jr." In-Reply-To: <33BB7902D0B6A6B88BE31817F26530D6@eigenstate.org> Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable Topicbox-Policy-Reasoning: moderate: sender is a member; group holds all messages Topicbox-Message-UUID: c3a46d80-d898-11f0-bc2e-45200fc0285f Archived-At: =?UTF-8?B?PGh0dHBzOi8vOWZhbnMudG9waWNib3guY29tL2dyb3Vwcy85?= =?UTF-8?B?ZmFucy9UZGYxNDA3ZTc5ZjIxN2VhMi1NYTgwZGI4ZGU3ZWIyZWMzMjAwYWU2?= =?UTF-8?B?ODkwPg==?= List-Help: List-Id: "9fans" <9fans.9fans.net> List-Post: List-Software: Topicbox v0 List-Subscribe: Precedence: list Reply-To: 9fans <9fans@9fans.net> Subject: [9fans] Re: [9front] Enterable namespaces: /proc/pid/$ns/srv List-Unsubscribe: , Topicbox-Delivery-ID: 2:9fans:437d30aa-c441-11e9-8a57-d036212d11b0:522be890-2105-11eb-b15e-8d699134e1fa:Ma80db8de7eb2ec3200ae6890:1:uml7eSBWs4dMDz5Xjok8npSC2lQxT7eMgNGaPe-8uSk Doesn't that create a security hole by making it possible to access to=20 private ramdisks and factotum instances and the like which were=20 previously not accessible to the process? On 12/13/25 19:54, ori@eigenstate.org wrote: > This patch makes it possible to enter a namespace through > /proc/$pid/ns, like so: > > auth/newns -n /proc/$pid/ns $cmd > > or through procesing the namespace file any other way > that they want. > > with the hope it'll be useful for things like fixing up > tab completion in rio, making the plumber responsive to > the local namespace that we are plumbing from, and other > things that we haven't figured out yet. > > It works by making the chans for a proc's mounts available > via /proc/$pid/srv/$id, and changing /proc/$pid/ns to use > the channel name rather than files other procs can't access, > such as '#|'. > > Hopefully folks will be able to experiment a bit with this, > and figure out some good uses for it. > > > diff 4341e26ac5d5cb86af2e1d88dd85365e7feb3a59 uncommitted > --- a/sys/man/3/proc > +++ b/sys/man/3/proc > @@ -22,6 +22,7 @@ > .BI /proc/ n /profile > .BI /proc/ n /regs > .BI /proc/ n /segment > +.BI /proc/ n /srv/ chan > .BI /proc/ n /status > .BI /proc/ n /text > .BI /proc/ n /wait > @@ -127,6 +128,15 @@ > for read-only, if any; > starting virtual address, in hexadecimal; > ending virtual address, and reference count. > +.PP > +The > +.B srv > +directory provides a directory holding already-open channels > +to services in the style of > +.IR srv (3). > +This allows a process with appropriate permissions to execute the > +.I ns > +file and accurately reproduce the namespace of the process that is runni= ng. > .PP > The read-only > .B status > --- a/sys/src/9/port/devproc.c > +++ b/sys/src/9/port/devproc.c > @@ -28,6 +28,8 @@ > Qnoteid, > Qnotepg, > Qns, > + Qsrv, > + Qchan, > Qppid, > Qproc, > Qregs, > @@ -100,6 +102,7 @@ > "noteid", {Qnoteid}, 0, 0664, > "notepg", {Qnotepg}, 0, 0000, > "ns", {Qns}, 0, 0444, > + "srv", {Qsrv,0,QTDIR}, 0, 0555, > "ppid", {Qppid}, 0, 0444, > "proc", {Qproc}, 0, 0400, > "regs", {Qregs}, sizeof(Ureg), 0000, > @@ -154,8 +157,8 @@ > * in vers, > * 32 bits of pid, for consistency checking > */ > -#define QSHIFT 5 /* location in qid of proc slot # */ > - > +#define QSHIFT 5 /* location in qid of proc slot # */ > +#define CSHIFT (26+5) /* location in qid of chan # */ > #define QID(q) ((((ulong)(q).path)&0x0000001F)>>0) > #define SLOTMAX 0x4000000 > #define SLOT(q) (((((ulong)(q).path)>>QSHIFT)&(SLOTMAX-1))-= 1) > @@ -175,6 +178,39 @@ >=20=20=20 > static int lenwatchpt(Proc *); >=20=20=20 > +static Chan* > +mntchan(Proc *p, Chan *c) > +{ > + char *s, *t, buf[32]; > + Chan *nc, *mc; > + Pgrp *pg; > + Mount *f; > + > + s =3D c->path->s; > + if((t =3D strrchr(s, '/')) !=3D nil) > + s =3D t+1; > + > + pg =3D p->pgrp; > + if(pg =3D=3D nil) > + error(Eprocdied); > + > + nc =3D nil; > + rlock(&pg->ns); > + for(f =3D pg->mntorder; f !=3D nil; f =3D f->order){ > + if(strcmp(f->to->path->s, "#M") !=3D 0) > + continue; > + mc =3D f->to->mchan; > + snprint(buf, sizeof(buf), "%ld.%x.%llx", mc->dev, mc->type,= mc->qid.path); > + if(strcmp(s, buf) =3D=3D 0){ > + nc =3D f->to->mchan; > + incref(nc); > + break; > + } > + } > + runlock(&pg->ns); > + return nc; > +} > + > static int > procgen(Chan *c, char *name, Dirtab *tab, int, int s, Dir *dp) > { > @@ -182,7 +218,13 @@ > Proc *p; > char *ename; > Segment *q; > - ulong pid, path, perm, len; > + Mount *f; > + Chan *mc; > + Pgrp *pg; > + ulong pid, perm, len; > + uvlong path; > + char *e, *t; > + int i; >=20=20=20 > if(s =3D=3D DEVDOTDOT){ > mkqid(&qid, Qdir, 0, QTDIR); > @@ -226,9 +268,46 @@ > devdir(c, qid, up->genbuf, 0, p->user, 0555, dp); > return 1; > } > + if(QID(c->qid) =3D=3D Qsrv){ > + i =3D 0; > + p =3D proctab(SLOT(c->qid)); > + pg =3D p->pgrp; > + if(pg =3D=3D nil || p->dot =3D=3D nil || p->pid !=3D PID(c-= >qid)) > + error(Eprocdied); > + rlock(&pg->ns); > + for(f =3D pg->mntorder; f !=3D nil; f =3D f->order){ > + if(strcmp(f->to->path->s, "#M") !=3D 0) > + continue; > + if(i++ >=3D s) > + break; > + } > + if(f =3D=3D nil){ > + runlock(&pg->ns); > + return -1; > + } > + mc =3D f->to->mchan; > + path =3D ((uvlong)i<qid.path&~((1< + snprint(up->genbuf, sizeof(up->genbuf), "%ld.%x.%llx", mc->= dev, mc->type, mc->qid.path); > + mkqid(&qid, path | Qchan, p->pid, QTFILE); > + devdir(c, qid, up->genbuf, 0, p->user, 0400, dp); > + runlock(&pg->ns); > + return 1; > + } > + if(QID(c->qid) =3D=3D Qchan){ > + p =3D proctab(SLOT(c->qid)); > + if(p->dot =3D=3D nil || p->pid !=3D PID(c->qid)) > + error(Eprocdied); > + e =3D c->path->s; > + if((t =3D strrchr(e, '/')) !=3D nil) > + e =3D t+1; > + snprint(up->genbuf, sizeof(up->genbuf), "%s", e); > + mkqid(&qid, c->qid.path, p->pid, QTFILE); > + devdir(c, qid, up->genbuf, 0, eve, 0400, dp); > + return 1; > + } > if(c->qid.path =3D=3D Qtrace){ > strcpy(up->genbuf, "trace"); > - mkqid(&qid, Qtrace, -1, QTFILE); > + mkqid(&qid, c->qid.path, -1, QTFILE); > devdir(c, qid, up->genbuf, 0, eve, 0400, dp); > return 1; > } > @@ -265,7 +344,7 @@ > break; > } >=20=20=20 > - mkqid(&qid, path|tab->qid.path, c->qid.vers, QTFILE); > + mkqid(&qid, path|tab->qid.path, c->qid.vers, tab->qid.type); > devdir(c, qid, tab->name, len, p->user, perm, dp); > return 1; > } > @@ -398,6 +477,7 @@ > c->offset =3D 0; > return c; > } > + >=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20 > p =3D proctab(SLOT(c->qid)); > eqlock(&p->debug); > @@ -436,7 +516,13 @@ > if(omode !=3D OREAD) > error(Eperm); > break; > - > + case Qchan: > + tc =3D mntchan(p, c); > + if(tc =3D=3D nil) > + error(Eshutdown); > + devpermcheck(p->user, c->mode, omode); > + nonone(p); > + goto Found; > case Qctl: > case Qargs: > case Qwait: > @@ -488,8 +574,8 @@ > clearwatchpt(p); > break; > } > -=20=20=20=20=20 > poperror(); > +Found: > qunlock(&p->debug); > poperror(); >=20=20=20 > @@ -641,10 +727,11 @@ > static int > readns1(Chan *c, Proc *p, char *buf, int nbuf) > { > + char flag[10], srv[32]; > Pgrp *pg; > Mount *f; > - char flag[10], *srv; > - int i; > + Chan *mc; > + int i, n; >=20=20=20 > pg =3D p->pgrp; > if(pg =3D=3D nil || p->dot =3D=3D nil || p->pid !=3D PID(c->qid)) > @@ -656,32 +743,33 @@ > rlock(&pg->ns); >=20=20=20 > i =3D 0; > - for(f =3D pg->mntorder; f !=3D nil; f =3D f->order) { > + for(f =3D pg->mntorder; f !=3D nil; f =3D f->order) > if(i++ >=3D c->nrock) > break; > - } >=20=20=20 > if(f =3D=3D nil) { > c->nrock =3D -1; > - i =3D snprint(buf, nbuf, "cd %q\n", p->dot->path->s); > + n =3D snprint(buf, nbuf, "cd %q\n", p->dot->path->s); > } else { > c->nrock =3D i; > int2flag(f->mflag, flag); > if(strcmp(f->to->path->s, "#M") =3D=3D 0){ > - srv =3D f->to->mchan->srvname; > - if(srv =3D=3D nil) > - srv =3D f->to->mchan->path->s; > - i =3D snprint(buf, nbuf, *f->spec? > - "mount %s %q %q %q\n": "mount %s %q %q\n", = flag, > - srv, f->umh->from->path->s, f->spec); > + mc =3D f->to->mchan; > + snprint(srv, sizeof(srv), "%ld.%x.%llx", mc->dev, m= c->type, mc->qid.path); > + if(f->spec[0] !=3D 0) > + n =3D snprint(buf, nbuf, "mount %s /proc/%l= ud/srv/%q %q %q\n", > + flag, p->pid, srv, f->umh->from->pa= th->s, f->spec); > + else > + n =3D snprint(buf, nbuf, "mount %s /proc/%l= ud/srv/%q %q\n", > + flag, p->pid, srv, f->umh->from->pa= th->s); > }else{ > - i =3D snprint(buf, nbuf, "bind %s %q %q\n", flag, > + n =3D snprint(buf, nbuf, "bind %s %q %q\n", flag, > f->to->path->s, f->umh->from->path->s); > } > } > runlock(&pg->ns); >=20=20=20 > - return i; > + return n; > } >=20=20=20 > int > ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/Tdf1407e79f217ea2-Ma80db= 8de7eb2ec3200ae6890 Delivery options: https://9fans.topicbox.com/groups/9fans/subscription