Subject: Re: ps /proc changes (CVS commit: src)
To: Christos Zoulas <christos@zoulas.com>
From: Brian C. Grayson <bgrayson@marvin.ece.utexas.edu>
List: tech-userlevel
Date: 03/29/1999 00:35:55

On Sun, Mar 28, 1999 at 02:19:43PM +0000, Christos Zoulas wrote:
> In article <19990327154710.A29608@marvin.ece.utexas.edu> bgrayson@marvin.ece.utexas.edu (Brian C. Grayson) writes:
> >
> > I just committed a check via statfs (thanks Christos!). I
> >think that's probably the best we can do (well, we could do a
> >statfs on every file before we open it, if folks really think
> >that's necessary).
>
> Actually if you want to avoid races, you open() the file and then
> fstatfs() the fd.

Yes, that's what I ended up committing Saturday. (But not
until after I had committed the statfs("/proc") version and
went for a walk.) It currently fstatfs()'s everything it
opens, before it reads, so what is in the tree is the paranoid
version I talk about above, and is thus trustworthy. It prints
warnings when it detects something suspicious in /proc, also.

It is way too easy to mount things on top of /proc and thus
fool or confuse programs. I think checking the FS of open /proc
files is an important concept that should be put in the man
pages for mount_procfs and mount_kernfs. Is there any kind of
SECURITY section? I didn't see any in the mdoc.samples man page.

Unfortunately, I don't think there is currently a way for
scripts to verify the status of mounted stuff without races.
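I'm not a file descriptor guru, but would something like this work:

    # Open the file first, then check the filesystem of the open descriptor.
    exec 4</proc/$pid/status
    # "mount -D" is the proposed new option, not an existing one.
    fs=`mount -D 4 | awk '{print $5}'`
    if [ "$fs" != procfs ]; then
        echo "file /proc/$pid/status is not on procfs???"
        exit 1
    fi
    # Read from descriptor 4, not from a file named "4".
    read statusline <&4
    ...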

where -D was a new option to mount that said "run fstatfs on
the specified descriptor and print out the results"? Is there
any better program than mount? It'd be a shame to add a new
program just to run fstatfs, and either df or mount seem the best
matches to me.

Brian
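
Added example, not part of the original message or of the committed ps change: the open()-then-fstatfs() check discussed above, written for Linux, where the filesystem type is the f_type magic number (PROC_SUPER_MAGIC); the BSD struct statfs carries a name in f_fstypename instead. The function names open_on_fs and read_proc_status are hypothetical.

```c
/* Added example (Linux). Hypothetical names: open_on_fs, read_proc_status. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/vfs.h>       /* statfs(), fstatfs(), struct statfs */
#include <linux/magic.h>   /* PROC_SUPER_MAGIC */

/* Open path, then ask which filesystem the *descriptor* lives on.
 * Returns the fd only if the type matches expected_type, else -1. */
int open_on_fs(const char *path, long expected_type)
{
    struct statfs sb;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    /* fstatfs() inspects the object already held open, so a mount that
     * appears over the path after open() cannot change the answer. */
    if (fstatfs(fd, &sb) != 0 || (long)sb.f_type != expected_type) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Read the start of /proc/<pid>/status through a verified descriptor. */
ssize_t read_proc_status(pid_t pid, char *buf, size_t len)
{
    char path[64];
    if (len == 0)
        return -1;
    snprintf(path, sizeof path, "/proc/%ld/status", (long)pid);
    int fd = open_on_fs(path, PROC_SUPER_MAGIC);
    if (fd < 0)
        return -1;              /* missing, or not really procfs */
    ssize_t n = read(fd, buf, len - 1);
    close(fd);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return n;
}

int main(void)
{
    char buf[256];
    if (read_proc_status(getpid(), buf, sizeof buf) < 0) {
        fprintf(stderr, "status file is missing or not on procfs\n");
        return 1;
    }
    fputs(buf, stdout);
    return 0;
}
```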