I wonder if there is a more simple approach for local mounts -- it
seems like key exchange shouldn't be required on the local host as we
know who everybody is (at least inside the kernel). Another
alternative would be to export a named pipe for local mounts and just
use standard permission controls -- I suppose the main problem is
nothing prevents a local user with permissions from opening the named
pipe and spoofing the attach message with an alternate identity which
makes the problem the same for named pipes as it does for a tcp
socket.
-eric
On Tue, Mar 31, 2009 at 9:59 AM, Latchesar Ionkov <[email protected]> wrote:
>
> I believe there is a standard mount helper, but we need a special one for
> xcpu as it uses non-standard authentication.
>
> Thanks,
> Lucho
>
> On Mar 31, 2009, at 8:52 AM, ron minnich wrote:
>
>>
>> On Tue, Mar 31, 2009 at 7:19 AM, Latchesar Ionkov <[email protected]>
>> wrote:
>>
>>> If you have a convincing case for using it mounted, I can probably write
>>> a
>>> simple mounter that does the authentication before it handles the
>>> connection
>>> to the kernel.
>>
>> I think the case is simple: 9p servers should always be mountable from
>> 9p vfs. It's just embarrassing otherwise.
>>
>> we've talked about a mount helper for years; this may be the time to write
>> it.
>>
>> ron
>
>
