GSoC Idea: per-process filesystem namespaces for FreeBSD
Warner Losh
imp at bsdimp.com
Tue Mar 13 21:43:12 UTC 2018
On Tue, Mar 13, 2018 at 1:55 PM, Kristoffer Eriksson <ske at pkmab.se> wrote:
>
> On 13 Mar 2018 12:53:18, Theron <theron.tarigo at gmail.com> wrote:
> > For those unfamiliar with Plan9, here is a rough explanation of the
> > namespace feature: unlike in Unix, where all processes share the same
> > virtual filesystem, each process instead has its own view of the
> > filesystem according to what has been mounted ...
>
> What if I mount a new /etc with a passwd file where root has no
> password, and then run "su"?
>
> (How does Plan9 handle that?)
>
Plan9 handles that by having a daemon that does user authentication. It's
actually more complicated than that, but the machine owner has control over
who can do what. For this to work in FreeBSD, either we'd need to disallow
the 'file' type for passwd, or we'd have to do something sensible with
setuid programs. Well, maybe not 'or' but 'and' since the security of
setuid programs depends on the security of the filesystem.... Plan 9
doesn't have these complications, so it can offer a user malleable
filesystem without security risk.
Warner
More information about the freebsd-hackers
mailing list