David Leimbach wrote:
Yeah but it did allow that, it would currently allow users to bind their own passwd file or sudoers etc etc over /etc (unless they had an implementation that prevented such things).
Right, so in my v9fs on Linux 2.0, I made the 9p lack-of-attributes such as dev inode, suid, etc. out as a virtue. You could not express most of the ideas that were security issues in Unix.
If you add a few restrictions on where user mounts are allowed to go (e.g. you're only allowed to mount on /private, for example), I think you can knock a lot of the harder problems. It's all a hack, I guess, but there's only so much you can do on Unix. I still think you can do user mounts and still be safe.
ron
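
The mount-point restriction suggested above, sketched as an added example that is not part of the original message or of v9fs: a check a privileged mount helper could run before honoring a user's request. The function name, the choice to refuse the root itself, and the temporary directory tree standing in for /private and /etc are assumptions.

```python
import os
import tempfile

def user_mount_allowed(target, allowed_root="/private"):
    """True only if target is an existing directory strictly beneath
    allowed_root once symlinks and '..' components are resolved."""
    root = os.path.realpath(allowed_root)
    resolved = os.path.realpath(target)
    if not os.path.isdir(resolved):
        return False
    try:
        # commonpath compares whole components, so /private2 is not /private
        inside = os.path.commonpath([root, resolved]) == root
    except ValueError:
        return False
    # Assumed policy: users may not cover the allowed root itself
    return inside and resolved != root

def demo():
    """Run the check over a constructed tree and return the decisions."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "private")
        etc = os.path.join(base, "etc")
        lookalike = os.path.join(base, "private2")
        for d in (os.path.join(root, "alice"), etc, lookalike):
            os.makedirs(d)
        # Constructed symlink inside the allowed area pointing outside it
        os.symlink(etc, os.path.join(root, "alice", "escape"))
        cases = {
            "under_root": os.path.join(root, "alice"),
            "root_itself": root,
            "outside": etc,
            "prefix_lookalike": lookalike,
            "dotdot": os.path.join(root, "alice", "..", "..", "etc"),
            "symlink_escape": os.path.join(root, "alice", "escape"),
            "missing": os.path.join(root, "bob"),
        }
        return {name: user_mount_allowed(p, root) for name, p in cases.items()}

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:18} {'allow' if ok else 'deny'}")
```

A path check like this is only as good as its timing: if the user can rename or replace directories under the allowed root between the check and the mount, the helper has to mount on the resolved path it actually checked.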
