From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <866da449cc6debeba3d36260cfa2608b@quanstro.net>
From: erik quanstrom
Date: Mon, 16 Mar 2009 09:37:10 -0400
To: 9fans@9fans.net
In-Reply-To: <20090316042359.GI22497@masters6.cs.jhu.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] log oversight
Topicbox-Message-UUID: bc6b535c-ead4-11e9-9d60-3106f5b1d025

> An alternative for the paranoid perhaps would be to make an additional fs
> (in fossil) containing the log files. This fs could be set to accept only
> the hostowner's credentials for attach requests. The hostowner, meanwhile,
> when constructing namespaces, could bind the right file(s) into the log
> directory. I haven't thought it through in more detail than that, but if I
> were to engineer a replacement, that's how I'd start. HTH.

this would give you exactly the same security behavior as
we currently have, but if the fd were ever closed or dup(2)'d over,
syslog(2) would stop working.

- erik