From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Tue,  9 May 2000 12:18:19 -0400
From: Alexander Viro viro@math.psu.edu
Subject: [9fans] Plan 9 future (Was: Re: Are the Infernospaces gone?)
Topicbox-Message-UUID: a8f51f4e-eac8-11e9-9e20-41e7f4b1d025
Message-ID: <20000509161819.8LSArDOfEJ9jYgGOT4-esMfHWTiV85WVxesGlp9jowc@z>



On Tue, 9 May 2000 dhog@plan9.bell-labs.com wrote:

> viro@math.psu.edu writes:
> > Heh ;-) Three sets of patches before we get proper namespaces. Kernel
> > _does_ support everything needed  right now, I'll just have to merge
> > union-mount patch and add a new flag to clone(2) (==rfork()). BTW, the
> > last set fed into the tree (hopefully to be there in pre7-7) includes the
> > equivalent of bind(2) and support for disjoint mount trees.
>
> How do you deal with the rather obvious security problems, eg:
>
> 	$ bind passwd /etc/passwd
> 	$ su - root

For bind you need either to be root or to have write permissions on
object you bind onto. Maybe it's too conservative - hell knows, I wanted
to put the variant that would not open obvious holes. We can relax it
later, but for now that should be OK.