9fans - fans of the OS Plan 9 from Bell Labs
* security - things to be aware of
From: rob @ 1995-10-19 13:26 UTC


According to the shrink-wrap license, connecting a system
with the Plan 9 source on it to the Internet is against
the rules:

	nor may any part of the SOFTWARE be made available
	on a computer network external to you or your
	organization

One might argue what 'make available' means, but as things
stand, and as we intended them, this means the source
should not be installed on an Internet-visible machine,
regardless of the account structure.

I would like to point out here that I was never
happy with the idea of user 'none'.  It made sense in
the early debugging days but should have gone away
years ago.

-rob

* security - things to be aware of
From: Scott @ 1995-10-19 16:33 UTC


rob@plan9.att.com writes:
| One might argue what 'make available' means, but as things
| stand, and as we intended them, this means the source
| should not be installed on an Internet-visible machine,
| regardless of the account structure.

What does 'internet-visible' mean?  If chmod 770 isn't enough, will it
be satisfactory to filter 9p traffic on our internet gateway, or to
disable "none" in the fileserver?

* security - things to be aware of
From: dhog @ 1995-10-19 15:16 UTC


>According to the shrink-wrap license, connecting a system
>with the Plan 9 source on it to the Internet is against
>the rules:
>
>	nor may any part of the SOFTWARE be made available
>	on a computer network external to you or your
>	organization
>
>One might argue what 'make available' means, but as things
>stand, and as we intended them, this means the source
>should not be installed on an Internet-visible machine,
>regardless of the account structure.

But doesn't "SOFTWARE" here mean more than just the source?
The license defines it as "the enclosed software programs,
documentation, and other materials" and goes on to say that
it "includes any works derived or modified from the enclosed
materials".  My reading of this is that it is illegal for us to
"make available" the documentation, binaries, or source to the
internet at large, not just the source.  So we're not allowed to
connect a machine containing any of these to the net...


--
``It's a beautiful world we live in''  - Devo

* security - things to be aware of
From: Steve @ 1995-10-18 15:57 UTC


If someone sets up their plan9 system according to the manuals, anyone on
the internet can telnet/rlogin in as 'none' without a password and steal
all the source code and binaries - saving the price of the CDROM.

The installation notes for the old release said to 'chmod 770 /sys/src'
(to protect the source) but that is not mentioned in the new docs.
Any site allowing anonymous telnet/rlogin should probably chmod /sys/src,
I'm not sure what the lawyers and publisher would say if you don't.

To disable this anonymous access, use the undocumented '-N' option
to aux/telnetd and aux/ftp, which disallows logins as 'none'.

Since aux/rlogin execs aux/telnetd without the '-N' option, the only
protection may be to patch the source, or remove /bin/service/tcp513

Finally, ip/tftpd grants access to any world-readable file.
The main concern here is that people using u9fs as their file server
probably have an /etc/passwd file from their Unix system accessible.
If so, make sure you don't have any encrypted passwords in it,
or someone could steal it and use 'crack' to break the passwords.
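
As an added example, not part of Steve's post and not code from Plan 9 or u9fs, here is a small Python audit for the last point above. A Unix host that exports its filesystem through u9fs leaves /etc/passwd reachable by ip/tftpd whenever that file is world-readable, so the check parses passwd-format lines and flags any entry that still carries a crypt(3) hash (the 13-character traditional DES form, or the modular $id$... forms) rather than a shadow marker; it also flags entries with an empty password field (the 'none' situation described earlier in the post) and lines that do not have the seven colon-separated fields. The sample file contents are constructed for the example, and the field conventions assumed ('x' for shadowed, '*' or '!' for locked) are the usual Unix ones.

```python
import re

# Constructed sample passwd contents (no real accounts or hashes).
# Line 2 is a passwordless entry, lines 3 and 5 carry hashes that
# 'crack' could be run against, line 6 is malformed.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
none::9:9:Plan 9 anonymous user:/:/bin/rc
steve:Ab1xQz9YrTmWo:1001:100:Steve:/usr/steve:/bin/rc
daemon:*:1:1:daemon:/:/bin/false
guest:$1$salt1234$abcdefghijklmnopqrstuv:1002:100:Guest:/home/guest:/bin/sh
malformed line without fields
"""

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z]
DES_CRYPT = re.compile(r'^[./0-9A-Za-z]{13}$')
# Modular crypt format: $1$ (MD5), $5$/$6$ (SHA), $2a$ (bcrypt), etc.
MODULAR_CRYPT = re.compile(r'^\$[0-9a-z]+\$')


def classify_password_field(field):
    """Classify the second passwd field (assumed Unix conventions).

    Returns one of 'empty', 'shadowed', 'locked', 'hash' or 'unknown'.
    """
    if field == '':
        return 'empty'          # no password at all: anyone can log in
    if field == 'x':
        return 'shadowed'       # real hash lives in /etc/shadow
    if field.startswith('*') or field.startswith('!'):
        return 'locked'         # cannot match any crypt() output
    if DES_CRYPT.match(field) or MODULAR_CRYPT.match(field):
        return 'hash'           # offline-crackable if the file leaks
    return 'unknown'            # vendor-specific marker; report it


def audit_passwd(text):
    """Parse passwd-format text and return the risky entries.

    Each finding is (line_number, username_or_None, kind), where kind is
    'empty', 'hash', 'unknown' or 'malformed'. Shadowed and locked
    entries are not reported because leaking them reveals no secret.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith('#'):
            continue
        fields = line.split(':')
        if len(fields) != 7:
            findings.append((lineno, None, 'malformed'))
            continue
        user, pw = fields[0], fields[1]
        kind = classify_password_field(pw)
        if kind in ('empty', 'hash', 'unknown'):
            findings.append((lineno, user, kind))
    return findings


def has_exposed_hashes(text):
    """True if at least one entry carries a hash a tftp client could fetch."""
    return any(kind == 'hash' for _, _, kind in audit_passwd(text))


if __name__ == '__main__':
    for lineno, user, kind in audit_passwd(SAMPLE_PASSWD):
        print(f'line {lineno}: user={user!r} {kind}')
```

Run it against the real file with `audit_passwd(open('/etc/passwd').read())` on the Unix host behind u9fs; any 'hash' finding means the hash should be moved into a shadow file (or the entry locked) before the file can be reached by an anonymous tftp or 'none' client.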
