On Sat, 2009-01-03 at 17:03 -0500, erik quanstrom wrote:
> > Did you see the example I provided in the original
> > email? "rfork m" is *exactly* RFNOMNT. And it doesn't
> > seem to work for one simple reason: RFNOMNT doesn't
> > restrict bind(2).
>
> these are exceptions. from port/chan.c:
>
> 	case '#':
> 		nomount = 1;
> 		up->genbuf[0] = '\0';
> 		n = 0;
> 		while(*name != '\0' && (*name != '/' || n < 2)){
> 			if(n >= sizeof(up->genbuf)-1)
> 				error(Efilename);
> 			up->genbuf[n++] = *name++;
> 		}
> 		up->genbuf[n] = '\0';
> 		/*
> 		 *  noattach is sandboxing.
> 		 *
> 		 *  the OK exceptions are:
> 		 *	|  it only gives access to pipes you create
> 		 *	d  this process's file descriptors
> 		 *	e  this process's environment
> 		 *  the iffy exceptions are:
> 		 *	c  time and pid, but also cons and consctl
> 		 *	p  control of your own processes (and unfortunately
> 		 *	   any others left unprotected)
> 		 */
> 		n = chartorune(&r, up->genbuf+1)+1;
> 		/* actually / is caught by parsing earlier */
> >>>>		if(utfrune("M", r))
> >>>>			error(Enoattach);
> >>>>		if(up->pgrp->noattach && utfrune("|decp", r)==nil)
> 			error(Enoattach);
> 		t = devno(r, 1);
> 		if(t == -1)
> 			error(Ebadsharp);
> 		c = devtab[t]->attach(up->genbuf+n);
> 		break;
>
> the first two indicated lines are redundant.
> i'm not so sure about any of the exceptions.

Two comments:

   0. First of all, thanks for the code snippet. I'm so used to Plan9
      having as few exceptions as possible and being very well
      documented that I sometimes forget to look for the source.

   1. This better be documented in the man pages, if you ask me.

And finally, I'd say having these exceptions is a mistake. Unless
there's a really good reason, they break the paradigm of RFNOMNT
quite needlessly without even a hint of a benefit.

Anybody disagree?

Thanks,
Roman.
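
Added example, not part of the original message or of the Plan 9 source: a user-space C model of the quoted `#` check, showing which device names still attach once noattach is set by rfork(RFNOMNT). It handles ASCII device letters only (the kernel decodes a full rune), `sharpcheck` is a hypothetical name, and the sample names in `main` are constructed.

```c
#include <stdio.h>
#include <string.h>

enum { ALLOW, DENY_NOATTACH, DENY_BADNAME };

/* Model of the '#' case quoted from port/chan.c (assumption: ASCII only). */
int
sharpcheck(const char *name, int noattach)
{
	char genbuf[64], r;
	size_t n = 0;

	if(name[0] != '#' || name[1] == '\0')
		return DENY_BADNAME;	/* model simplification, not kernel behaviour */
	/* same copy loop as the snippet: "#x..." up to the first '/' at n >= 2 */
	while(*name != '\0' && (*name != '/' || n < 2)){
		if(n >= sizeof(genbuf)-1)
			return DENY_BADNAME;	/* kernel: error(Efilename) */
		genbuf[n++] = *name++;
	}
	genbuf[n] = '\0';
	r = genbuf[1];			/* device letter */
	if(r == 'M')
		return DENY_NOATTACH;	/* checked whether or not noattach is set */
	if(noattach && strchr("|decp", r) == NULL)
		return DENY_NOATTACH;	/* everything outside the exception list */
	return ALLOW;			/* kernel continues to devno() and attach() */
}

int
main(void)
{
	/* constructed sample names */
	const char *names[] = { "#|", "#d", "#e", "#c/cons", "#p/1", "#s/factotum", "#I/tcp", "#M" };
	size_t i;

	printf("%-14s %-10s %s\n", "name", "normal", "after RFNOMNT");
	for(i = 0; i < sizeof(names)/sizeof(names[0]); i++)
		printf("%-14s %-10s %s\n", names[i],
			sharpcheck(names[i], 0) == ALLOW ? "attach" : "denied",
			sharpcheck(names[i], 1) == ALLOW ? "attach" : "denied");
	return 0;
}
```

The rows that still read "attach" in the last column are the five exceptions under discussion: a process that has called rfork(RFNOMNT) can still name those devices.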