From mboxrd@z Thu Jan  1 00:00:00 1970
From: erik quanstrom <quanstro@quanstro.net>
Date: Thu, 29 Jan 2015 06:52:19 -0800
To: 9fans@9fans.net
Message-ID: <a7e9b7053f5e266405f00f2d481b746b@lilly.quanstro.net>
In-Reply-To: <CAHL7psE+6gt35Ntt8MVfvRZR-zH7o_-8AL-B2ufdeRbjfC=bxQ@mail.gmail.com>
References: <CAHL7psHNZrbQuFRz5grmXgR686o2e+-SX=tW6yxnfNaduec5NQ@mail.gmail.com>
	<CAHL7psGPf3z56wjZGJsSVCeEzHBJgtbt17nL-UNA8kXKM-mkuw@mail.gmail.com>
	<CAHL7psFTR7G1N069XoqYkuxJ_P0TYzmXAZ752wVa=9BAOX0CQg@mail.gmail.com>
	<CAHL7psEUjdaV9LABzRrHn1TLftF+moxWV563-tvK+7VLviKhRg@mail.gmail.com>
	<CAHL7psGsJHNBJWwnHzxMDO3ULe+9=crcbB8F4ML41HDBKYLppA@mail.gmail.com>
	<CAOw7k5gTK2U2-FBbgHnEmZAG29Aa-OXBtzFZcgKREX8x0YUgMA@mail.gmail.com>
	<CAHL7psE+6gt35Ntt8MVfvRZR-zH7o_-8AL-B2ufdeRbjfC=bxQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] A few questions about 9p
Topicbox-Message-UUID: 3e129178-ead9-11e9-9d60-3106f5b1d025

> >> I can't find details on the file execution permission: looks like a
> malicious client could just ignore it on files and execute anything that it
> can read (obviously I'm just talking about single files,  not directory).
> >
> >     It's not malicious, just incorrect. Obviously you can't execute a
> remote image or script unless you read it.
>
> By malicious I mean that the client could execute a script that it wasn't
> allowed to.

if you can read the executable you can already copy it somewhere, set the execute
bit, and away you go.  the x bit is purely advisory.  it is not a security mechanism.

- erik