[9fans] plan9 security...

[9fans] plan9 security...

[Gorka Guardiola Múzquiz]

I was with some friend commenting on security in plan 9 and we found
some breach in security, at least the way it is used here.  I don't
know if this is a problem of the (awful) topology of our net or a real
breach.  Here we have a fileserver which serves the kernel for the
terminals on dhcp.  Terminals boot diskless.  The problem here is that
all the net taps in the University can form part of our subnet.  VPNs
are generated dinamically looking at the addresses which come from all
the taps.  The thing is that someone can do a DoS attack on
the fileserver, answer for it the dhcp request (it can be done from
any place on the University), and serve a tame kernel just to get the
passwords of the users.  We are studying the idea of signing somehow
the kernel with a net/host secret and adding support for it on 9load
to stop this happening.  Another solution would be to implement DHCP
authentication, but it may be much more complicated.

Would this be useful for any other person on the list?.  Do you think
it is a good solution?.  Ideas?.  Suggestions?.


			Gorka.

Re: [9fans] plan9 security...

[Dave Lukes]

>   Here we have a fileserver which serves the kernel for the
> terminals on dhcp.

There's your problem.

Any net-booted OS is going to have the same problem.

You'll have to do at least one of (in no particular order):
a) use a secure dhcp service
b) stop using dhcp
c) stop netbooting
d) get a physically secure network

Sorry!
	Dave.

P.S. Don't forget those DNS DOS hacks too!
(Sorry!)

Re: [9fans] plan9 security...

[boyd, rounin]

> You'll have to do at least one of (in no particular order):
> a) use a secure dhcp service
> b) stop using dhcp
> c) stop netbooting
> d) get a physically secure network

yup, dave is on the money as per usual.