From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,FREEMAIL_FROM,T_SCC_BODY_TEXT_LINE autolearn=ham
	autolearn_force=no version=3.4.4
Received: (qmail 27050 invoked from network); 11 May 2022 16:34:20 -0000
Received: from 9front.inri.net (168.235.81.73)
  by inbox.vuxu.org with ESMTPUTF8; 11 May 2022 16:34:20 -0000
Received: from mail-io1-f42.google.com ([209.85.166.42]) by 9front; Wed May 11 12:32:48 -0400 2022
Received: by mail-io1-f42.google.com with SMTP id o190so2601188iof.10
        for <9front@9front.org>; Wed, 11 May 2022 09:32:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=date:from:to:subject:user-agent:in-reply-to:references:message-id
         :mime-version:content-transfer-encoding;
        bh=aDhj4qyblfzpAp1m9C3xwPcJJn2/xHy3GIpdZJZmISM=;
        b=oOkVivr20lAVPLnjL2InWBn366vXxiwVCLhT177ok1AkspOej0kr86H+7C2LEMri1X
         ftbhiJweqePThgGQqVTs4t411tfO5LXKXXIjDGbzFVXhIyXrofWHJKKxb7mKBipboRNS
         nuah2HgxTP9wHgj2jNOaaytsgCP7g3/YxrhKZWuDTyWBqmUYzcACe4rvt9BYvkoTS3pD
         aQ8fxl5jgBFTrICw+wt1AWRs4ERHXrmAW/BPsaGRurnAA0NjfBvsCOts6Kqsa7DqidgZ
         Lgnp8UqxEq2lccVcn9lWi4ubs45XhoRPhojynbWaZFYRzzhBxAzVNfZsJIewAiuyWXo4
         XdWw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:date:from:to:subject:user-agent:in-reply-to
         :references:message-id:mime-version:content-transfer-encoding;
        bh=aDhj4qyblfzpAp1m9C3xwPcJJn2/xHy3GIpdZJZmISM=;
        b=arHrLH4RS7O01VGMKAa+CBbkxwULTFrlbe5iXwPpi+l/fnxaedCOC4OiD33H5OFEnI
         w2OomPPb8L9zCeSHKuP9Ui9SFd6ZYXvZQAtKAHB87DgF9uVA96lxMH+5EukgZWjIV7Pg
         LP51S+BoB+R+/owx0XLm+UpaVf9qL1fFFeI9AaZKGWbeb7p8NggUSlyTBsYzWps6GUIL
         /RiqYrfacoMlmyGxPmkg66DS13xXa79TY8JDjfLhlbuHgpm7S7Q5qoXFpo053f6TolzU
         070gubuyyHDpwncxul3ily4xwjANwQKGHnjgRuX3wNxlvP6NY63jrg7kE8pyO/K7QAZ0
         hLyg==
X-Gm-Message-State: AOAM530+Z2UIFuHna9cI7VqAiyd+nmxO2zGDL0dzVLAmd2stwqf5oD3a
	EWrGtkCSLI1v9zlx/2R6kxmunlDIvuzi4A==
X-Google-Smtp-Source: ABdhPJz7lTRvkZdEyvyWx0Ih6fa8xJPWQwOdJW6bgLfZnnE609Z8x6IHXSCMdH5qqGS/ECzuiK0jhA==
X-Received: by 2002:a05:6638:14c8:b0:32b:66f8:75a7 with SMTP id l8-20020a05663814c800b0032b66f875a7mr12593194jak.114.1652286762806;
        Wed, 11 May 2022 09:32:42 -0700 (PDT)
Return-Path: <amavect@gmail.com>
Received: from ?IPv6:::1? ([2600:1008:b122:bd9d:f4a3:a507:f24a:f3b])
        by smtp.gmail.com with ESMTPSA id s184-20020a0251c1000000b0032b3a78174csm709317jaa.16.2022.05.11.09.32.41
        for <9front@9front.org>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 11 May 2022 09:32:42 -0700 (PDT)
Date: Wed, 11 May 2022 11:32:31 -0500
From: Amavect <amavect@gmail.com>
To: 9front@9front.org
User-Agent: K-9 Mail for Android
In-Reply-To: <c868d55b-2493-db66-740b-17e606a3b99a@posixcafe.org>
References: <77567FF86B34A592067F8FA1ADD7F3C6@eigenstate.org> <b0efb91e-7ffc-1e24-0529-f6f6b47bad0e@posixcafe.org> <89328B14-29CE-4D30-AFAD-672900E2699D@gmail.com> <0718a4ed-dd38-06f5-2071-6d2ded50b7fa@posixcafe.org> <0BBC7720-2562-4C73-9153-0A37CF503820@gmail.com> <c868d55b-2493-db66-740b-17e606a3b99a@posixcafe.org>
Message-ID: <2248A216-6C8C-4C58-AD4A-5D4D2BAAED14@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable
List-ID: <9front.9front.org>
List-Help: <http://lists.9front.org>
X-Glyph: ➈
X-Bullshit: progressive managed scripting CMS high-performance-aware layer 
Subject: Re: [9front] [PATCH] kernel: disallow executing from #| or #d
Reply-To: 9front@9front.org
Precedence: bulk

On May 11, 2022 1:31:27 AM CDT, Jacob Moody <moody@mail=2Eposixcafe=2Eorg> =
wrote:
>Requiring +x set, then preventing +x from being set
>is just a roundabout way of disabling opening with OEXEC, why
>not just do that?
I'm confused why devpipe allows wstat=2E
The roundabout way is more general,
checking read/write permissions as well=2E
The permission info should line up with how a dev allows permissions,
and making open dependent on what the mode is actually set to
would make the info and the behavior always line up=2E
It might be as easy as a bitwise or=2E
I'll hack up something later tonight=2E

If we don't decide on that route,
then devpipe should disallow wstat=2E

>RFNOMNT does not remove access to #|, #d, #e, #c, or #p
That's what I get for only reading the man page without testing=2E


Thanks,
Amavect