From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <67016f97820f7efb8d96e0da91170cc6@juice.thebigchoice.com>
From: matt@proweb.co.uk
To: 9fans@cse.psu.edu
Subject: Re: [9fans] x10
In-Reply-To: <1081344050.4565.507.camel@zevon>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Date: Wed, 7 Apr 2004 14:41:19 +0100
Topicbox-Message-UUID: 5470eea8-eacd-11e9-9e20-41e7f4b1d025

>> I'd like a rfork flag to prevent bind() altogether.
> Why?

if someone supplies you a binary you could fork a shell without binding,
clear the namespace and run the supplied binary. Like chroot & jailing it

However, preventing binds altogether seems a bit strange

if you fork with

	RFNOMNT   If set, subsequent mounts into the new name space
	          and dereferencing of pathnames starting with # are
	          disallowed.

and

	RFCNAMEG  If set, the new process starts with a clean name
	          space. A new name space must be built from a mount
	          of an open file descriptor. Is mutually exclusive
	          with RFNAMEG.

what can you lose from allowing the binary to manipulate its own
namespace?

m