9fans - fans of the OS Plan 9 from Bell Labs
From: cinap_lenrek@gmx.de
To: 9fans@9fans.net
Subject: Re: [9fans] What's up with $home? And a security question.
Date: Sun, 24 Feb 2013 05:33:06 +0100
Message-ID: <82da3b0407791527677e85f1ffadcceb@rei2.9hal>
In-Reply-To: <CABB-WO_b4uc-AFSGs99iM-aKvYHYJqizhJeFVNADbAJ80Fr02g@mail.gmail.com>

cpu and exportfs accept a pattern file (-P) option.

with this, you can make cpu export only the namespace parts that
you want to give the cpu server access to.

the difficulty lies in how to decide what you want to export and
still keep cpu useful. if you really assume a compromised cpu
server, then you can't really export anything but /dev/cons.
(and even then, he can trick you and make the cpu session look
like it errored out, but you're really on the cpu server and he
will then try to capture your keystrokes to get the password).

i would be interested to hear from someone who thought about this
and made up some good conventions that work.

for now, i would suggest not to cpu into machines that you
do not trust. but it's hard to know who you can trust and even
then, machines might have been hacked without the knowledge
of the owner.

--
cinap


