From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <47242F70.7070406@gmail.com>
Date: Sun, 28 Oct 2007 00:42:56 -0600
From: don bailey
User-Agent: Thunderbird 2.0.0.6 (X11/20070816)
MIME-Version: 1.0
To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu>
Subject: Re: [9fans] security
References:
In-Reply-To:
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Topicbox-Message-UUID: dc739d6e-ead2-11e9-9d60-3106f5b1d025

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> your comments seem contradictory to me. on the one hand you imply
> that there is trust - presumably to collaborate, hence the reason
> you'd want to import a foreign fs and be allowed to do so by the foreign
> fs owner to start - and then you say trust is ridiculous.
>

There's nothing wrong with importing a remote file system. And
you're assuming that you actually need credentials to mount the
remote file system. It is ridiculous to implicitly trust, yes.

The mitigation of the threat (in this case) is to disallow "." from
your path. If you want to go deeper you can discuss auditing your
kernel and the relevant user land source code.

So there is a balance between the unknown and the known and that
balance is what security is all about. You isolate the problems you
can as best you can. Implicitly trusting is just as dangerous as not
trusting anything.

D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHJC9syWX0NBMJYAcRAqyKAKCm9gId4hO1oKYMV3Ke6EpTqeNxCQCgvGRl
HXFzFwvt1R7CDX1AjUjzxIg=
=WOs0
-----END PGP SIGNATURE-----
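
Added example, not part of the original message: one way to apply the mitigation named above (keeping "." out of the search path) is shown here for a POSIX shell and a colon-separated PATH. The function names sanitize_path and path_is_safe and the sample value are constructed for illustration; Plan 9's rc keeps its search path as a list in $path, which this sketch does not cover.

```shell
# Remove every entry that resolves relative to the current directory from a
# colon-separated search path. In POSIX shells an empty entry (leading,
# trailing or doubled colon) also means the current directory, so it is
# dropped together with "." and any other relative entry.
sanitize_path() {
    # $1: colon-separated search path; prints the cleaned path on stdout
    # and one warning per dropped entry on stderr.
    sp_clean=
    sp_rest="$1:"            # sentinel colon so a trailing empty entry is seen
    while [ -n "$sp_rest" ]; do
        sp_entry=${sp_rest%%:*}
        sp_rest=${sp_rest#*:}
        case $sp_entry in
            /*) sp_clean=${sp_clean:+$sp_clean:}$sp_entry ;;   # absolute: keep
            "") echo "dropped empty entry (means current directory)" >&2 ;;
            *)  echo "dropped relative entry: $sp_entry" >&2 ;;
        esac
    done
    printf '%s\n' "$sp_clean"
}

# Succeeds only if the path is non-empty and sanitize_path would not change it.
path_is_safe() {
    [ -n "$1" ] && [ "$(sanitize_path "$1" 2>/dev/null)" = "$1" ]
}

# Constructed sample: ".", an empty entry, a relative "bin" and a trailing colon.
sample='.:/bin:/usr/bin::bin:'
if ! path_is_safe "$sample"; then
    echo "unsafe: $sample"
    echo "use:    $(sanitize_path "$sample" 2>/dev/null)"
fi
```

To apply it in a session, assign the result back: PATH=$(sanitize_path "$PATH").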