From: "ibrahim via 9fans" <9fans@9fans.net>
To: 9fans <9fans@9fans.net>
Date: Wed, 3 May 2023 22:32:57 -0400
Subject: [9fans] serious bug in ramfs and code based on it
Message-Id: <16831675770.A5cCC4.81650@composer.9fans.topicbox.com>

The classic implementation of ramfs and many other user fileservers based on it have a serious bug regarding the 9p protocol:

If you open a file for which you have Read/Execute Permission you are free to write to that file by sending Twrite requests.

rwrite doesn't check if the file was opened for read, write or execute.

A possible solution for this problem is enhancing the meaning of Fid.open from an indicator for open files to an indicator for open files and the mode they were opened:

0x80 ... file is open
0x40 ... opened for reading
0x20 ... opened for writing
0x10 ... opened for execution

While ramfs is regarded as a toy program with minimal permission checking, many user file servers around are based on this example, like all the tools in tapefs.

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T08f89c41317a2e69-M990b45a03a13257b66e4e8bc
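The mode-tracking fix proposed in the message, sketched as an added example (not code from the post or from ramfs). `Fid` here is a reduced stand-in, and `fidopen`, `writeok`, `readok` and the error strings are hypothetical names; the O* values are the ones in Plan 9's libc.h.

```c
#include <stddef.h>

/* 9P open modes as defined in Plan 9's libc.h */
enum { OREAD = 0, OWRITE = 1, ORDWR = 2, OEXEC = 3, OTRUNC = 16, ORCLOSE = 64 };

/* Fid.open bits proposed in the message */
enum { FOPEN = 0x80, FREAD = 0x40, FWRITE = 0x20, FEXEC = 0x10 };

/* Reduced stand-in for the server's Fid; only the field under discussion */
typedef struct Fid { unsigned char open; } Fid;

/* Error strings are constructed for this example */
static const char Enotopen[] = "fid not open";
static const char Emode[] = "fid not opened for this access";

/* Called from the Topen handler once permission checks have passed:
 * record how the fid was opened instead of a bare "is open" flag. */
void
fidopen(Fid *f, int mode)
{
	switch(mode & 3){	/* low two bits select the access type */
	case OREAD:	f->open = FOPEN|FREAD; break;
	case OWRITE:	f->open = FOPEN|FWRITE; break;
	case ORDWR:	f->open = FOPEN|FREAD|FWRITE; break;
	case OEXEC:	f->open = FOPEN|FEXEC; break;
	}
}

/* Gate for the Twrite handler: NULL means proceed, else the Rerror text. */
const char*
writeok(Fid *f)
{
	if(!(f->open & FOPEN))
		return Enotopen;
	if(!(f->open & FWRITE))
		return Emode;
	return NULL;
}

/* Gate for the Tread handler: an OEXEC open reads the file to execute it. */
const char*
readok(Fid *f)
{
	if(!(f->open & FOPEN))
		return Enotopen;
	if(!(f->open & (FREAD|FEXEC)))
		return Emode;
	return NULL;
}
```

With the bare open flag, a fid opened OREAD or OEXEC passes the only test the write path makes; with the mode bits recorded, `writeok` rejects it before any data is copied.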