From mboxrd@z Thu Jan  1 00:00:00 1970
MIME-Version: 1.0
In-Reply-To: <23396C1E-C0AC-4DC5-B511-97B307ECB3A4@ar.aichi-u.ac.jp>
References: <73CCEA09-C492-439D-9E8A-AA2BA9CB93DB@ar.aichi-u.ac.jp>
	<CAK9Gx1c0YgDawi59=mct2BsZvNrKFLimACJ0GF2SKY9Ja+QBzQ@mail.gmail.com>
	<5E232682-7ABD-4564-96C1-89B1540FC4E2@ar.aichi-u.ac.jp>
	<CAK9Gx1d3j3jDFFdTwEZv+8p8WJ0h_-dG-HyKGEGCPrToCiEgQQ@mail.gmail.com>
	<23396C1E-C0AC-4DC5-B511-97B307ECB3A4@ar.aichi-u.ac.jp>
Date: Sat, 13 Feb 2016 14:26:00 +0000
Message-ID: <CAOw7k5gMrWbuoZmfaurN5dwt7vHaLOMj5X2ck1oJ7wu_XTg+YA@mail.gmail.com>
From: Charles Forsyth <charles.forsyth@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Content-Type: multipart/alternative; boundary=001a114b0b4210e6cb052ba790dd
Subject: Re: [9fans] bug in exportfs
Topicbox-Message-UUID: 840c5cf4-ead9-11e9-9d60-3106f5b1d025

--001a114b0b4210e6cb052ba790dd
Content-Type: text/plain; charset=UTF-8

On 22 December 2015 at 10:02, arisawa <arisawa@ar.aichi-u.ac.jp> wrote:

>
> The difficulty is in the pattern matching rule.
> If we want to export only /usr/glenda, then the pattern matching filer
> must pass
> /usr
> /usr/glenda
> and must not pass
> /usr/
>

I really wonder about the pattern-matching code being there at all.
Without it, exportfs is constrained by the authenticated user's
permissions, within the exported name space,
and that's enforced by the operating system (system calls).
To export only /usr/glenda, I'd build a name space that has only
/usr/glenda in it, and export that.

The read-only option is enforced by exportfs itself, but at the 9P level:
it's not too hard to enumerate
the messages and options that do not cause modifications and reject all
others (although exportfs wasn't updated to include an
option added later to open). Still, that can be got right once for all by
exportfs.

--001a114b0b4210e6cb052ba790dd
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">=
On 22 December 2015 at 10:02, arisawa <span dir=3D"ltr">&lt;<a href=3D"mail=
to:arisawa@ar.aichi-u.ac.jp" target=3D"_blank">arisawa@ar.aichi-u.ac.jp</a>=
&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0px=
 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);bor=
der-left-style:solid;padding-left:1ex"><br>
The difficulty is in the pattern matching rule.<br>
If we want to export only /usr/glenda, then the pattern matching filer must=
 pass<br>
/usr<br>
/usr/glenda<br>
and must not pass<br>
/usr/<br></blockquote></div><br>I really wonder about the pattern-matching =
code being there at all.</div><div class=3D"gmail_extra">Without it, export=
fs is constrained by the authenticated user&#39;s permissions, within the e=
xported name space,</div><div class=3D"gmail_extra">and that&#39;s enforced=
 by the operating system (system calls).</div><div class=3D"gmail_extra">To=
 export only /usr/glenda, I&#39;d build a name space that has only /usr/gle=
nda in it, and export that.</div><div class=3D"gmail_extra"><br></div><div =
class=3D"gmail_extra">The read-only option is enforced by exportfs itself, =
but at the 9P level: it&#39;s not too hard to enumerate</div><div class=3D"=
gmail_extra">the messages and options that do not cause modifications and r=
eject all others (although exportfs wasn&#39;t updated to include an</div><=
div class=3D"gmail_extra">option added later to open). Still, that can be g=
ot right once for all by exportfs.</div></div>

--001a114b0b4210e6cb052ba790dd--