On Sat, 2009-01-03 at 17:03 -0500, erik quanstrom wrote:
> > Did you see the example I provided in the original
> > email? "rfork m" is *exactly* RFNOMNT. And it doesn't
> > seem to work for one simple reason: RFNOMNT doesn't
> > restrict bind(2).
> 
> these are exceptions.  from port/chan.c:
> 
>       case '#':
>               nomount = 1;
>               up->genbuf[0] = '\0';
>               n = 0;
>               while(*name != '\0' && (*name != '/' || n < 2)){
>                       if(n >= sizeof(up->genbuf)-1)
>                               error(Efilename);
>                       up->genbuf[n++] = *name++;
>               }
>               up->genbuf[n] = '\0';
>               /*
>                *  noattach is sandboxing.
>                *
>                *  the OK exceptions are:
>                *      |  it only gives access to pipes you create
>                *      d  this process's file descriptors
>                *      e  this process's environment
>                *  the iffy exceptions are:
>                *      c  time and pid, but also cons and consctl
>                *      p  control of your own processes (and unfortunately
>                *         any others left unprotected)
>                */
>               n = chartorune(&r, up->genbuf+1)+1;
>               /* actually / is caught by parsing earlier */
> >>>>          if(utfrune("M", r))
> >>>>                  error(Enoattach);
> >>>>          if(up->pgrp->noattach && utfrune("|decp", r)==nil)
>                       error(Enoattach);
>               t = devno(r, 1);
>               if(t == -1)
>                       error(Ebadsharp);
>               c = devtab[t]->attach(up->genbuf+n);
>               break;
> 
> the first two indicated lines are redundant.
> i'm not so sure about any of the exceptions.

Two comments:
   0. First of all, thanks for the code snippet. I'm so used to Plan9
      having as few exceptions as possible and being very well
      documented that I sometimes forget to look for the source.
   1. This better be documented in the man pages, if you ask me.

And finally, I'd say having these exceptions is a mistake. Unless
there's a really good reason, they break the paradigm of RFNOMNT
quite needlessly without even a hint of a benefit.

Anybody disagree?

Thanks,
Roman.
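
The decision made by the quoted `'#'` branch, as a portable user-space model. This is an added example, not code from the Plan 9 source or from either poster: `sharp_attach`, `count_attachable` and the sample name list are hypothetical, the `noattach` argument stands in for `up->pgrp->noattach`, and the later `devno()` lookup is not modeled.

```c
#include <stdio.h>
#include <string.h>

enum verdict { ALLOW, DENY_NOATTACH, DENY_BADNAME };

/* Constructed sample: '#' names a process might try to attach. */
static const char *sample_names[] = {
    "#c/cons", "#p/1/ctl", "#e", "#d", "#|", "#s", "#I", "#l", "#S", "#M",
};
enum { NSAMPLE = sizeof(sample_names) / sizeof(sample_names[0]) };

/* Model of the quoted check; noattach is nonzero after RFNOMNT. */
enum verdict sharp_attach(const char *name, int noattach)
{
    unsigned char r;

    if (name == NULL || name[0] != '#' || name[1] == '\0')
        return DENY_BADNAME;
    /* A multi-byte rune can never match the ASCII lists below,
     * so looking at the lead byte is enough for this decision. */
    r = (unsigned char)name[1];
    if (r == 'M')
        return DENY_NOATTACH;           /* refused for every process */
    if (noattach && (r >= 0x80 || strchr("|decp", r) == NULL))
        return DENY_NOATTACH;           /* outside the exception list */
    return ALLOW;
}

/* Number of sample names that pass the check for a given noattach state. */
int count_attachable(int noattach)
{
    int i, n = 0;

    for (i = 0; i < NSAMPLE; i++)
        if (sharp_attach(sample_names[i], noattach) == ALLOW)
            n++;
    return n;
}

int main(void)
{
    int i;

    for (i = 0; i < NSAMPLE; i++)
        printf("%-10s normal=%d rfnomnt=%d\n", sample_names[i],
            sharp_attach(sample_names[i], 0), sharp_attach(sample_names[i], 1));
    return 0;
}
```

The output makes the exception list concrete: with the flag set, only the `|`, `d`, `e`, `c` and `p` names in the sample still return `ALLOW` (printed as 0).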

