[9fans] more secure kfs

[9fans] more secure kfs

[arisawa]

Does anyone has a patch to kfs that enables more secure kfs?

I would like to prohibit some kfs commands by the user who is
not the owner of /dev/hd0*

Kenji Arisawa
E-mail: arisawa@aichi-u.ac.jp

[9fans] more secure kfs

[arisawa]

>It's simple to prohibit *all* kfs commands except from hostowner,
>by changing main.c as shown below. 
...
>-- Richard Miller

Thank you, Richard. I will try.

Kenji Arisawa
E-mail: arisawa@aichi-u.ac.jp

[9fans] more secure kfs

[miller]

Kenji Arisawa <arisawa@aichi-u.ac.jp> asks:

> Does anyone has a patch to kfs that enables more secure kfs?
> 
> I would like to prohibit some kfs commands by the user who is
> not the owner of /dev/hd0*

It's simple to prohibit *all* kfs commands except from hostowner,
by changing main.c as shown below.  A filter program could then
be started from cpurc to accept commands on another /srv file
and pass the safe ones (sync?) to /srv.kfs [left as an exercise
for the reader].

==========================================
diff /sys/src/cmd/disk/kfs/main.c main.c
11c11
< int	srvfd(char*, int);
---
> int     srvfd(char*, int, int);
296c296
< 	srvfd(buf, p[0]);
---
> 	srvfd(buf, p[0], 0600);
398c398
< 	srvfd(buf, sfd);
---
> 	srvfd(buf, sfd, 0666);
412c412
< srvfd(char *s, int sfd)
---
> srvfd(char *s, int sfd, int perm)
417c417
< 	fd = create(s, OWRITE, 0666);
---
> 	fd = create(s, OWRITE, perm);
420c420
< 		fd = create(s, OWRITE, 0666);
---
> 		fd = create(s, OWRITE, perm);
==========================================

-- Richard Miller