i was just pointing it out: i wasn't suggesting that it necessarily added security. (it was a response to the remark that a process could send arbitrary messages; not necessarily.) having said that, i'm not sure it's really a race, more of an ordering restriction: if you mount it before posting, i don't think you can get avoid the checks, so it can be much better than nothing.
--- Begin Message ---On Thu, Jan 08, 2009 at 07:57:42PM +0000, Charles Forsyth wrote: > >It now seems, that if your process has a read/write access to > >a channel capable of speaking 9P not letting it mount that > >channel really doesn't accomplish much: whatever messages kernel > >would send on your behalf, you can send directly. > > note that if a Chan has once been mounted it can no longer > be read or written except through devmnt.That's not much of a security guarantee since there's a race window when a channel is first posted to '#s' (e.g.), but yes, it's better than nothing. --nwf;
pgpVw5OcXGkt6.pgp
Description: PGP signature
--- End Message ---