From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Sat, 2 May 1998 10:48:14 +0100 From: miller@hamnavoe.demon.co.uk miller@hamnavoe.demon.co.uk Subject: [9fans] more secure kfs Topicbox-Message-UUID: 786d2c7c-eac8-11e9-9e20-41e7f4b1d025 Message-ID: <19980502094814.bROQbPFcujrOb9EmJSmozWj3rV3mNLCLcnIzxn0tfNs@z> Kenji Arisawa asks: > Does anyone has a patch to kfs that enables more secure kfs? > > I would like to prohibit some kfs commands by the user who is > not the owner of /dev/hd0* It's simple to prohibit *all* kfs commands except from hostowner, by changing main.c as shown below. A filter program could then be started from cpurc to accept commands on another /srv file and pass the safe ones (sync?) to /srv.kfs [left as an exercise for the reader]. ========================================== diff /sys/src/cmd/disk/kfs/main.c main.c 11c11 < int srvfd(char*, int); --- > int srvfd(char*, int, int); 296c296 < srvfd(buf, p[0]); --- > srvfd(buf, p[0], 0600); 398c398 < srvfd(buf, sfd); --- > srvfd(buf, sfd, 0666); 412c412 < srvfd(char *s, int sfd) --- > srvfd(char *s, int sfd, int perm) 417c417 < fd = create(s, OWRITE, 0666); --- > fd = create(s, OWRITE, perm); 420c420 < fd = create(s, OWRITE, 0666); --- > fd = create(s, OWRITE, perm); ========================================== -- Richard Miller