On Thu, 2009-01-08 at 19:57 +, Charles Forsyth wrote:
> >It now seems, that if your process has a read/write access to
> >a channel capable of speaking 9P not letting it mount that
> >channel really doesn't accomplish much: whatever messages kernel
> >would send on your behalf, you can send d
i was just pointing it out: i wasn't suggesting that it
necessarily added security. (it was a response to the remark
that a process could send arbitrary messages; not necessarily.)
having said that, i'm not sure it's really a race, more of an ordering
restriction:
if you mount it before posting, i
>It now seems, that if your process has a read/write access to
>a channel capable of speaking 9P not letting it mount that
>channel really doesn't accomplish much: whatever messages kernel
>would send on your behalf, you can send directly.
note that if a Chan has once been mounted it can no long
On Thu, Jan 08, 2009 at 07:57:42PM +, Charles Forsyth wrote:
> >It now seems, that if your process has a read/write access to
> >a channel capable of speaking 9P not letting it mount that
> >channel really doesn't accomplish much: whatever messages kernel
> >would send on your behalf, you can
On Wed, 2009-01-07 at 01:24 -0500, Dave Eckhardt wrote:
> > RFNOMNT, like everything in Plan 9, was put in because
> > someone needed to use it, not as a purely academic
> > exercise in adding features.
>
> Here is something which either I've misunderstood or is
> harder than I'd like.
[...]
>
On Wed, Jan 7, 2009 at 3:24 PM, Dave Eckhardt wrote:
> The web server infrastructure seems pretty focused on running
> as user "none", which makes sense as far as it goes, but I
> don't want none to be able to read the files served by the
> web servers because anybody who can log in to the machine
> RFNOMNT, like everything in Plan 9, was put in because
> someone needed to use it, not as a purely academic
> exercise in adding features.
Here is something which either I've misunderstood or is
harder than I'd like.
I have a machine which runs two private (password-protected)
web servers on di