From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 In-Reply-To: <7ef5897118148acd265fac9b434f8684@felloff.net> References: <7ef5897118148acd265fac9b434f8684@felloff.net> Date: Sun, 14 Feb 2016 22:57:16 +0000 Message-ID: From: Charles Forsyth To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Content-Type: multipart/alternative; boundary=047d7b66f33b58aef1052bc2d28d Subject: Re: [9fans] bug in exportfs Topicbox-Message-UUID: 84352ba2-ead9-11e9-9d60-3106f5b1d025 --047d7b66f33b58aef1052bc2d28d Content-Type: text/plain; charset=UTF-8 On 14 February 2016 at 16:38, wrote: > i could imagine the filtering being usefull when cpu'ing to foreign > machines, > as a server can easily compromize your system when cpu exports your whole > local namespace > You'd still be better off using a custom nsfile to control it, running that cpu in a more restricted name space from the start, so leaks are impossible. --047d7b66f33b58aef1052bc2d28d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

= On 14 February 2016 at 16:38, <cinap_lenrek@felloff.net> wrote:
i could imagine the filtering being usefull whe= n cpu'ing to foreign machines,
as a server can easily compromize your system when cpu exports your whole local namespace

You'd still be better off u= sing a custom nsfile to control it, running that cpu in
a more restricted name space from the start, so leaks are impo= ssible.
--047d7b66f33b58aef1052bc2d28d--