user nobody

On Oct 28, 2007, at 3:28 AM, Skip Tavakkolian wrote:

There's nothing wrong with importing a remote file system. And
you're assuming that you actually need credentials to mount the
remote file system. It is ridiculous to implicitly trust, yes.
The mitigation of the threat (in this case) is to disallow "."
from your path. If you want to go deeper you can discuss auditing
your kernel and the relevant user land source code.

in that case, one should build a sandbox, climb into it and import the
fs.  the potential damage is contained.  maybe 9fs should have an
option to do that.

So there is a balance between the unknown and the known and
that balance is what security is all about. You isolate the
problems you can as best you can. Implicitly trusting is just
as dangerous as not trusting anything.

i didn't say implicitly trust everything, but if you decided to be
part of a group, you're implicitly trusting them.  it would be as
if you asked every coworker to walk through a metal detector
before they could approach you. if you don't, then you're implicitly
trusting they won't harm you.

