From: Amavect <firstname.lastname@example.org> To: email@example.com Subject: Re: [9front] [PATCH] kernel: disallow executing from #| or #d Date: Sat, 14 May 2022 21:43:11 -0500 [thread overview] Message-ID: <firstname.lastname@example.org> (raw) In-Reply-To: <email@example.com> On Wed, 11 May 2022 10:50:44 -0600 Jacob Moody <firstname.lastname@example.org> wrote: > The roundabout way of checking for permission bits was > my first pass at removing this capability. I am much > more in favor of just disabling wstat for devpipe > personally. If you did want to make one end > of a pipe read only or write only, doing it through > wstat feels obtuse due to the attach semantics. Fair enough. I'm all for it now. Just make sure #| stat has mode 666 since user none can read it despite saying mode 600. > Yeah the man page should not lie, how's this instead? The .IR parts are off. The (3)s need to be R. See below. (you already committed yours, whoops) Thanks, Amavect diff 51669adf2446385b38bab4efcb4133c19e9be806 uncommitted --- a//sys/man/2/fork +++ b//sys/man/2/fork @@ -70,9 +70,16 @@ .TP .B RFNOMNT If set, subsequent mounts into the new name space and dereferencing -of pathnames starting with +of most pathnames starting with .B # -are disallowed. +are disallowed. Specifically +.IR pipe (3), +.IR dup (3), +.IR env (3), +.IR cons (3), +and +.IR proc (3) +are still permitted. .TP .B RFENVG If set, the environment variables are copied;
next prev parent reply other threads:[~2022-05-15 2:47 UTC|newest] Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-05-10 6:40 Jacob Moody 2022-05-10 14:40 ` ori 2022-05-10 16:34 ` Jacob Moody 2022-05-10 19:59 ` Amavect 2022-05-10 22:47 ` Jacob Moody 2022-05-11 4:21 ` Amavect 2022-05-11 6:31 ` Jacob Moody 2022-05-11 16:32 ` Amavect 2022-05-11 16:50 ` Jacob Moody 2022-05-15 2:43 ` Amavect [this message] 2022-05-15 15:26 ` Amavect 2022-05-15 16:28 ` Jacob Moody 2022-05-10 20:52 ` [9front] " Anthony Martin
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --subject='Re: [9front] [PATCH] kernel: disallow executing from #| or #d' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).