From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: From: Charles Forsyth Date: Thu, 8 Jan 2009 20:11:06 +0000 To: 9fans@9fans.net In-Reply-To: <20090108194553.GO8355@masters10.cs.jhu.edu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="upas-zvjwuvwjhkjqcyxffcyfeceshh" Subject: Re: [9fans] RFNOMNT and/or "least privilege" Topicbox-Message-UUID: 7d4569ba-ead4-11e9-9d60-3106f5b1d025 This is a multi-part message in MIME format. --upas-zvjwuvwjhkjqcyxffcyfeceshh Content-Disposition: inline Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit i was just pointing it out: i wasn't suggesting that it necessarily added security. (it was a response to the remark that a process could send arbitrary messages; not necessarily.) having said that, i'm not sure it's really a race, more of an ordering restriction: if you mount it before posting, i don't think you can get avoid the checks, so it can be much better than nothing. --upas-zvjwuvwjhkjqcyxffcyfeceshh Content-Type: message/rfc822 Content-Disposition: inline Received: from gouda.swtch.com ([67.207.142.3]) by lavoro; Thu Jan 8 20:01:20 GMT 2009 Received: from localhost ([127.0.0.1] helo=gouda.swtch.com) by gouda.swtch.com with esmtp (Exim 4.67) (envelope-from <9fans-bounces@9fans.net>) id 1LL0pI-0002bu-Sz; Thu, 08 Jan 2009 19:45:56 +0000 Received: from blaze.cs.jhu.edu ([128.220.13.50]) by gouda.swtch.com with esmtp (Exim 4.67) (envelope-from ) id 1LL0pG-0002bn-Jn for 9fans@9fans.net; Thu, 08 Jan 2009 19:45:54 +0000 Received: from masters10.cs.jhu.edu (masters10.cs.jhu.edu [128.220.70.30]) by blaze.cs.jhu.edu (8.14.3/8.14.3) with ESMTP id n08JjrwY006576 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <9fans@9fans.net>; Thu, 8 Jan 2009 14:45:53 -0500 (EST) Received: from masters10.cs.jhu.edu (localhost.localdomain [127.0.0.1]) by masters10.cs.jhu.edu (8.14.2/8.13.1) with ESMTP id n08Jjrep016917 for <9fans@9fans.net>; Thu, 8 Jan 2009 14:45:53 -0500 Received: (from nwf@localhost) by masters10.cs.jhu.edu (8.14.2/8.13.8/Submit) id n08JjrGF016916 for 9fans@9fans.net; Thu, 8 Jan 2009 14:45:53 -0500 Date: Thu, 8 Jan 2009 14:45:53 -0500 From: Nathaniel W Filardo To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Message-ID: <20090108194553.GO8355@masters10.cs.jhu.edu> References: <1231442954.6916.39.camel@goose.sun.com> <9847b15ea57a37005e48c49620bb7c9a@terzarima.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="4ickEXl+ukcSQ/3E" Content-Disposition: inline In-Reply-To: <9847b15ea57a37005e48c49620bb7c9a@terzarima.net> User-Agent: Mutt/1.5.18 (2008-05-17) Subject: Re: [9fans] RFNOMNT and/or "least privilege" X-BeenThere: 9fans@9fans.net X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> List-Id: Fans of the OS Plan 9 from Bell Labs <9fans.9fans.net> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: 9fans-bounces@9fans.net Errors-To: 9fans-bounces+forsyth=terzarima.net@9fans.net --4ickEXl+ukcSQ/3E Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jan 08, 2009 at 07:57:42PM +0000, Charles Forsyth wrote: > >It now seems, that if your process has a read/write access to=20 > >a channel capable of speaking 9P not letting it mount that > >channel really doesn't accomplish much: whatever messages kernel=20 > >would send on your behalf, you can send directly. >=20 > note that if a Chan has once been mounted it can no longer > be read or written except through devmnt. That's not much of a security guarantee since there's a race window when a channel is first posted to '#s' (e.g.), but yes, it's better than nothing. --nwf;=20 --4ickEXl+ukcSQ/3E Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAklmV/EACgkQTeQabvr9Tc8m5QCfUhw5bSqoqY0dA9L8oyPehX9G j00An3V1mc9WhsXofFk8vPWCFZl7Oa2U =2fPm -----END PGP SIGNATURE----- --4ickEXl+ukcSQ/3E-- --upas-zvjwuvwjhkjqcyxffcyfeceshh--