From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
In-Reply-To: <6DF5FD14-1141-48D6-9A87-04966521E332@ar.aichi-u.ac.jp>
References: <7ef5897118148acd265fac9b434f8684@felloff.net> <6DF5FD14-1141-48D6-9A87-04966521E332@ar.aichi-u.ac.jp>
Date: Mon, 15 Feb 2016 17:12:16 +1100
From: Bruce Ellis
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] bug in exportfs
Topicbox-Message-UUID: 843dd9c8-ead9-11e9-9d60-3106f5b1d025

an alternative is just to have an exclude file listing files/directories
that cannot be read or walked to.

brucee

On 15 February 2016 at 12:05, arisawa <arisawa@ar.aichi-u.ac.jp> wrote:

> Hello,
>
> > 2016/02/15 7:57, Charles Forsyth <charles.forsyth@gmail.com> wrote:
> >
> > On 14 February 2016 at 16:38, <cinap_lenrek@felloff.net> wrote:
> > i could imagine the filtering being useful when cpu'ing to foreign machines,
> > as a server can easily compromise your system when cpu exports your whole
> > local namespace
> >
> > You'd still be better off using a custom nsfile to control it, running that cpu in
> > a more restricted name space from the start, so leaks are impossible.
>
> filtering of exportfs is handy if it works well.
> for example, assume we want to exclude all files of name that begins with “.”,
> then it is probably difficult to do so using only nsfile.
>
> the “+” filtering is almost useless.
> it will not be difficult to rewrite the current code so that we have
> better matching rule.
> (I think ordering of pattern sequence should be used in evaluation.)
> however the change may break something others.
> (but I doubt the “+” filtering is really used)