From: don bailey <don.bailey@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu>
Subject: Re: [9fans] security
Date: Sun, 28 Oct 2007 00:42:56 -0600 [thread overview]
Message-ID: <47242F70.7070406@gmail.com> (raw)
In-Reply-To: <a9bde0ac2ae98aafce1992786d696cc8@9netics.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> your comments seem contradictory to me. on the one hand you imply
> that there is trust - presumably to collaborate, hence the reason
> you'd want to import a foreign fs and be allowed to do so by the foreign
> fs owner to start - and then you say trust is ridiculous.
>
There's nothing wrong with importing a remote file system. And
you're assuming that you actually need credentials to mount the
remote file system. It is ridiculous to implicitly trust, yes.
The mitigation of the threat (in this case) is to disallow "."
from your path. If you want to go deeper you can discuss auditing
your kernel and the relevant user land source code.
So there is a balance between the unknown and the known and
that balance is what security is all about. You isolate the
problems you can as best you can. Implicitly trusting is just
as dangerous as not trusting anything.
D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHJC9syWX0NBMJYAcRAqyKAKCm9gId4hO1oKYMV3Ke6EpTqeNxCQCgvGRl
HXFzFwvt1R7CDX1AjUjzxIg=
=WOs0
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2007-10-28 6:42 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-26 22:38 [9fans] grap retarded?? Pietro Gagliardi
2007-10-26 23:17 ` geoff
2007-10-26 23:22 ` Pietro Gagliardi
2007-10-27 2:51 ` [9fans] detecting spam arisawa
2007-10-27 3:16 ` Pietro Gagliardi
2007-10-27 4:38 ` [9fans] security erik quanstrom
2007-10-27 9:03 ` roger peppe
2007-10-27 10:04 ` arisawa
2007-10-27 12:48 ` Uriel
2007-10-27 14:54 ` erik quanstrom
2007-10-27 17:19 ` Tim Newsham
2007-10-27 19:18 ` erik quanstrom
2007-10-27 22:20 ` don bailey
2007-10-27 22:25 ` Pietro Gagliardi
2007-10-27 22:33 ` don bailey
2007-10-28 0:17 ` David Leimbach
2007-10-28 6:00 ` Skip Tavakkolian
2007-10-28 6:06 ` john
2007-10-28 8:32 ` Joel C. Salomon
2007-10-28 20:53 ` Charles Forsyth
2007-10-27 23:40 ` Skip Tavakkolian
2007-10-28 6:11 ` don bailey
2007-10-28 6:30 ` Skip Tavakkolian
2007-10-28 6:42 ` don bailey [this message]
2007-10-28 7:28 ` Skip Tavakkolian
2007-10-28 12:53 ` Pietro Gagliardi
2007-10-28 15:52 ` don bailey
2007-10-28 15:51 ` don bailey
2007-10-28 15:59 ` Iruata Souza
2007-10-28 16:30 ` don bailey
2007-10-28 17:14 ` Iruata Souza
2007-10-28 17:22 ` Gabriel Diaz
2007-10-28 17:44 ` Pietro Gagliardi
2007-10-28 20:37 ` Charles Forsyth
2007-10-28 16:10 ` erik quanstrom
2007-10-28 16:26 ` don bailey
2007-10-28 18:30 ` Skip Tavakkolian
2007-10-28 18:43 ` Uriel
2007-10-28 18:58 ` Iruata Souza
2007-10-28 22:48 ` arisawa
2007-10-28 23:29 ` Pietro Gagliardi
2007-10-29 2:30 ` Skip Tavakkolian
2007-10-27 9:00 ` [9fans] detecting spam roger peppe
2007-10-27 13:16 ` Pietro Gagliardi
2007-10-27 13:41 ` erik quanstrom
2007-10-27 13:43 ` Pietro Gagliardi
2007-10-27 14:04 ` Martin Neubauer
2007-10-29 10:10 ` [9fans] grap retarded?? Douglas A. Gwyn
2007-10-29 18:43 ` Pietro Gagliardi
2007-10-29 10:10 ` Douglas A. Gwyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47242F70.7070406@gmail.com \
--to=don.bailey@gmail.com \
--cc=9fans@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).