From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <2cc6e509319590eee5371dc0def82e1a@9netics.com>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] security
Date: Sun, 28 Oct 2007 00:28:34 -0700
From: Skip Tavakkolian <9nut@9netics.com>
In-Reply-To: <47242F70.7070406@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Topicbox-Message-UUID: dc791a96-ead2-11e9-9d60-3106f5b1d025

> There's nothing wrong with importing a remote file system. And
> you're assuming that you actually need credentials to mount the
> remote file system. It is ridiculous to implicitly trust, yes.
> The mitigation of the threat (in this case) is to disallow "."
> from your path. If you want to go deeper you can discuss auditing
> your kernel and the relevant user land source code.

in that case, one should build a sandbox, climb into it and import
the fs. the potential damage is contained. maybe 9fs should have an
option to do that.

> So there is a balance between the unknown and the known and
> that balance is what security is all about. You isolate the
> problems you can as best you can. Implicitly trusting is just
> as dangerous as not trusting anything.

i didn't say implicitly trust everything, but if you decided to be
part of a group, you're implicitly trusting them. it would be as if
you asked every coworker to walk through a metal detector before they
could approach you. if you don't, then you're implicitly trusting
they won't harm you.