i was just pointing it out: i wasn't suggesting that it
necessarily added security. (it was a response to the remark
that a process could send arbitrary messages; not necessarily.)
having said that, i'm not sure it's really a race, more of an ordering
restriction:
if you mount it before posting, i don't think you can get avoid the checks,
so it can be much better than nothing.
--- Begin Message ---
On Thu, Jan 08, 2009 at 07:57:42PM +0000, Charles Forsyth wrote:
> >It now seems, that if your process has a read/write access to
> >a channel capable of speaking 9P not letting it mount that
> >channel really doesn't accomplish much: whatever messages kernel
> >would send on your behalf, you can send directly.
>
> note that if a Chan has once been mounted it can no longer
> be read or written except through devmnt.
That's not much of a security guarantee since there's a race window when a
channel is first posted to '#s' (e.g.), but yes, it's better than nothing.
--nwf;
pgpVw5OcXGkt6.pgp
Description: PGP signature
--- End Message ---
