> There's nothing wrong with importing a remote file system. And
> you're assuming that you actually need credentials to mount the
> remote file system. It is ridiculous to implicitly trust, yes.
> The mitigation of the threat (in this case) is to disallow "."
> from your path. If you want to go deeper you can discuss auditing
> your kernel and the relevant user land source code.
in that case, one should build a sandbox, climb into it and import the fs. the potential damage is contained. maybe 9fs should have an option to do that.

> So there is a balance between the unknown and the known and
> that balance is what security is all about. You isolate the
> problems you can as best you can. Implicitly trusting is just
> as dangerous as not trusting anything.

i didn't say implicitly trust everything, but if you decided to be part of a group, you're implicitly trusting them. it would be as if you asked every coworker to walk through a metal detector before they could approach you. if you don't, then you're implicitly trusting they won't harm you.
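The quoted mitigation above, keeping "." out of the search path so that an imported (untrusted) file system cannot quietly supply a program the shell will run, can be turned into a simple audit. The following is an added example written for this page, not code from the thread or from any Plan 9 tool; it checks a PATH-style string for entries that resolve against the current directory (".", an empty entry, or a relative name) and, going one step further than the reply, for entries that lie under a mount point the caller has declared untrusted. The mount point `/n/remote` used in the usage line is an assumed placeholder.

```python
import os
import posixpath


def unsafe_path_entries(path_value, untrusted_mounts=()):
    """Return a list of (entry, reason) pairs for search-path entries that
    could cause a shell to execute a file from the current directory or
    from a file system the caller does not trust.

    path_value      -- a colon-separated search path, e.g. os.environ["PATH"]
    untrusted_mounts -- iterable of absolute directories (mount points) that
                        hold imported/untrusted file systems (assumed input)
    """
    problems = []
    for entry in path_value.split(":"):
        # "" and "." both mean "look in the current directory" to the shell;
        # with an untrusted cwd that is exactly the exposure being discussed.
        if entry == "" or entry == ".":
            problems.append((entry, "current directory"))
            continue
        # A relative entry such as "bin" is resolved against cwd as well.
        if not entry.startswith("/"):
            problems.append((entry, "relative, resolved against cwd"))
            continue
        # Absolute entry: normalise ".." and "//" before comparing with the
        # untrusted mount points so "/n/remote/../bin" is not misreported.
        norm = posixpath.normpath(entry)
        for mount in untrusted_mounts:
            mount_norm = posixpath.normpath(mount)
            if norm == mount_norm or norm.startswith(mount_norm.rstrip("/") + "/"):
                problems.append((entry, "under untrusted mount " + mount))
                break
    return problems


if __name__ == "__main__":
    # Usage: audit the live PATH, treating /n/remote (assumed placeholder)
    # as an imported file system that should not feed the search path.
    for entry, reason in unsafe_path_entries(os.environ.get("PATH", ""), ["/n/remote"]):
        print("unsafe PATH entry %r: %s" % (entry, reason))
```

The check deliberately reports empty entries separately from ".", because a leading or trailing colon is the form people most often fail to notice; the `untrusted_mounts` argument is what a sandbox wrapper, as proposed in the reply, could populate with the directory it imports into.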
