unreliable ".." and namespace protection
- To: inferno@interstice.com
- Subject: unreliable ".." and namespace protection
- From: Roger Peppe <rog@ohm.york.ac.uk>
i've been trying to write a sort of firewall program that wraps some namespace protection around an untrusted program and warns about attempted illegal accesses. so:

    ns -r /usr/rog shellcommand

runs shellcommand in an environment where any attempt to write any file under /usr/rog will fail, and generate a warning message. (it does this by intercepting walk messages and keeping track of the current directory of each fid)

however it appears to be very difficult to do this reliably due to difficulties with the behaviour of ".." in union directories. for instance if i've done

    bind -a /usr/rog/dis /dis

then

    ns -r /sys {echo munge > /usr/rog/dis/../sys/importantfile}

will write quite happily to /sys/importantfile, because ns thinks that the relevant fid is pointing to /usr/rog/sys/importantfile, not /sys/importantfile.

my question is: given the list of mounts obtainable from /prog/$pid/ns is it possible to work out reliably where a walk to ".." will take the fid, or is it not worth trying?

cheers,
rog.
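The mismatch reported in this message, as an added Python sketch that is not part of the original post and is not Inferno code: it compares lexical per-fid path tracking with a toy model of ".." and flags the walks where the two can disagree. The mount table is constructed from the bind in the message, and the rule that ".." from a bind source lands in the parent of the mount point is an assumption chosen to match the behaviour the message reports.

```python
# Toy model for illustration only; this is not Inferno code.
# Constructed mount list, as if read from the ns file after: bind -a /usr/rog/dis /dis
BINDS = {"/usr/rog/dis": "/dis"}  # bind source -> mount point

def parent(path):
    return path.rsplit("/", 1)[0] or "/"

def join(directory, name):
    return directory.rstrip("/") + "/" + name

def lexical_walk(path):
    """Per-fid tracking as the message describes it: '..' strips one element."""
    cur = "/"
    for elem in filter(None, path.split("/")):
        cur = parent(cur) if elem == ".." else join(cur, elem)
    return cur

def modelled_walk(path, binds=BINDS):
    """ASSUMPTION: '..' from a bind source lands in the mount point's parent."""
    cur = "/"
    for elem in filter(None, path.split("/")):
        cur = parent(binds.get(cur, cur)) if elem == ".." else join(cur, elem)
    return cur

def under(path, root):
    return path == root or path.startswith(root.rstrip("/") + "/")

def ambiguous_dotdots(path, binds=BINDS):
    """Tracked directories where '..' is walked from a bind source; a wrapper
    can refuse or warn at these points instead of trusting its own guess."""
    cur, hits = "/", []
    for elem in filter(None, path.split("/")):
        if elem == ".." and cur in binds:
            hits.append(cur)
        cur = parent(cur) if elem == ".." else join(cur, elem)
    return hits

if __name__ == "__main__":
    target = "/usr/rog/dis/../sys/importantfile"
    print("tracked :", lexical_walk(target))
    print("modelled:", modelled_walk(target))
    print("flagged :", ambiguous_dotdots(target))
```

Flagging every ".." taken from a directory that appears as a bind source is a conservative fallback for the wrapper; it does not settle whether the real destination can always be computed from the mount list.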