From: Amavect <amavect@gmail.com>
To: 9front@9front.org
Subject: Re: [9front] [PATCH] kernel: disallow executing from #| or #d
Date: Sat, 14 May 2022 21:43:11 -0500
Message-ID: <20220514214311.2da3632d@spruce.localdomain>
In-Reply-To: <004c4a6d-957d-1623-9b5d-2f6bbf940f24@posixcafe.org>
On Wed, 11 May 2022 10:50:44 -0600
Jacob Moody <moody@mail.posixcafe.org> wrote:
> The roundabout way of checking for permission bits was
> my first pass at removing this capability. I am much
> more in favor of just disabling wstat for devpipe
> personally. If you did want to make one end
> of a pipe read only or write only, doing it through
> wstat feels obtuse due to the attach semantics.
Fair enough. I'm all for it now.
Just make sure #| stat has mode 666 since user none can read it despite
saying mode 600.
> Yeah the man page should not lie, how's this instead?
The .IR parts are off. The (3)s need to be R. See below.
(you already committed yours, whoops)
Thanks,
Amavect
diff 51669adf2446385b38bab4efcb4133c19e9be806 uncommitted
--- a//sys/man/2/fork
+++ b//sys/man/2/fork
@@ -70,9 +70,16 @@
.TP
.B RFNOMNT
If set, subsequent mounts into the new name space and dereferencing
-of pathnames starting with
+of most pathnames starting with
.B #
-are disallowed.
+are disallowed. Specifically
+.IR pipe (3),
+.IR dup (3),
+.IR env (3),
+.IR cons (3),
+and
+.IR proc (3)
+are still permitted.
.TP
.B RFENVG
If set, the environment variables are copied;
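Review bot: in the added line "are disallowed. Specifically", the word "Specifically" reads as if it introduces what is disallowed, while the list that follows names the exceptions. Wording such as "The exceptions are" would remove the ambiguity. The new sentence also starts mid-line; putting it on its own source line follows usual troff practice and lets the formatter handle sentence spacing. Since the paragraph is about pathnames starting with "#", it would help to give the device names next to the page references (the thread subject already uses #| and #d), so a reader does not have to look up each section 3 page to learn which paths remain reachable under RFNOMNT.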