Date: Tue, 13 Mar 2018 15:43:08 -0600
From: Warner Losh <imp@bsdimp.com>
To: Kristoffer Eriksson <ske@pkmab.se>
Cc: Theron <theron.tarigo@gmail.com>, "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject: Re: GSoC Idea: per-process filesystem namespaces for FreeBSD
Message-ID: <CANCZdfoU1B4228RpwfupvdVN9RPCCug4p283xmkNwW7t-M9CjA@mail.gmail.com>
In-Reply-To: <201803132055.aa28780@berenice.pkmab.se>
References: <d7621074-acb4-c5b6-1efd-dc55b51586b1@gmail.com> <201803132055.aa28780@berenice.pkmab.se>

On Tue, Mar 13, 2018 at 1:55 PM, Kristoffer Eriksson <ske@pkmab.se> wrote:

> On 13 Mar 2018 12:53:18, Theron <theron.tarigo@gmail.com> wrote:
> > For those unfamiliar with Plan9, here is a rough explanation of the
> > namespace feature: unlike in Unix, where all processes share the same
> > virtual filesystem, each process instead has its own view of the
> > filesystem according to what has been mounted ...
>
> What if I mount a new /etc with a passwd file where root has no
> password, and then run "su"?
>
> (How does Plan9 handle that?)

Plan9 handles that by having a daemon that does user authentication. It's
actually more complicated than that, but the machine owner has control over
who can do what.

For this to work in FreeBSD, either we'd need to disallow the 'file' type
for passwd, or we'd have to do something sensible with setuid programs.
Well, maybe not 'or' but 'and' since the security of setuid programs
depends on the security of the filesystem....

Plan 9 doesn't have these complications, so it can offer a user malleable
filesystem without security risk.

Warner