9front - general discussion about 9front
 help / color / mirror / Atom feed
From: Amavect <amavect@gmail.com>
To: 9front@9front.org
Subject: Re: [9front] [PATCH] kernel: disallow executing from #| or #d
Date: Sat, 14 May 2022 21:43:11 -0500	[thread overview]
Message-ID: <20220514214311.2da3632d@spruce.localdomain> (raw)
In-Reply-To: <004c4a6d-957d-1623-9b5d-2f6bbf940f24@posixcafe.org>

On Wed, 11 May 2022 10:50:44 -0600
Jacob Moody <moody@mail.posixcafe.org> wrote:

> The roundabout way of checking for permission bits was
> my first pass at removing this capability. I am much
> more in favor of just disabling wstat for devpipe
> personally. If you did want to make one end
> of a pipe read only or write only, doing it through
> wstat feels obtuse due to the attach semantics.

Fair enough. I'm all for it now.
Just make sure #| stat has mode 666 since user none can read it despite
saying mode 600.

> Yeah the man page should not lie, how's this instead?

The .IR parts are off. The (3)s need to be R. See below.
(you already committed yours, whoops)


diff 51669adf2446385b38bab4efcb4133c19e9be806 uncommitted
--- a//sys/man/2/fork
+++ b//sys/man/2/fork
@@ -70,9 +70,16 @@
 If set, subsequent mounts into the new name space and dereferencing
-of pathnames starting with
+of most pathnames starting with
 .B #
-are disallowed.
+are disallowed. Specifically
+.IR pipe (3),
+.IR dup (3),
+.IR env (3),
+.IR cons (3),
+.IR proc (3)
+are still permitted.
 If set, the environment variables are copied;

  reply	other threads:[~2022-05-15  2:47 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-05-10  6:40 Jacob Moody
2022-05-10 14:40 ` ori
2022-05-10 16:34   ` Jacob Moody
2022-05-10 19:59     ` Amavect
2022-05-10 22:47       ` Jacob Moody
2022-05-11  4:21         ` Amavect
2022-05-11  6:31           ` Jacob Moody
2022-05-11 16:32             ` Amavect
2022-05-11 16:50               ` Jacob Moody
2022-05-15  2:43                 ` Amavect [this message]
2022-05-15 15:26                   ` Amavect
2022-05-15 16:28                     ` Jacob Moody
2022-05-10 20:52 ` [9front] " Anthony Martin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220514214311.2da3632d@spruce.localdomain \
    --to=amavect@gmail.com \
    --cc=9front@9front.org \
    --subject='Re: [9front] [PATCH] kernel: disallow executing from #| or #d' \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).