* [9fans] securing venti and fileservers was: (vac errors after updating to latest p9p archive)
@ 2009-08-17 12:33 Fernan Bolando
2009-08-17 15:36 ` Anthony Sorace
0 siblings, 1 reply; 3+ messages in thread
From: Fernan Bolando @ 2009-08-17 12:33 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
Hi all
We have discussed the common setup used by 9fans. Can somebody post
there method of securing venti stores.
regards
fernan
--
http://www.fernski.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [9fans] securing venti and fileservers was: (vac errors after updating to latest p9p archive)
2009-08-17 12:33 [9fans] securing venti and fileservers was: (vac errors after updating to latest p9p archive) Fernan Bolando
@ 2009-08-17 15:36 ` Anthony Sorace
2009-08-17 15:55 ` erik quanstrom
0 siblings, 1 reply; 3+ messages in thread
From: Anthony Sorace @ 2009-08-17 15:36 UTC (permalink / raw)
To: fernanbolando, Fans of the OS Plan 9 from Bell Labs
Less of a "here's my experience" than a summary of earlier
conversations with various people, but still perhaps relevant or
helpful:
0) Venti contains neither authentication nor authorization. If you
care, you are advised to stick it on a trusted network, or listen only
on loopback.
1) The venti protocol reserves space for auth (see VtTauth0 and
VtTauth1 in /sys/include/venti.h), but I'm pretty sure nobody
implements it. Certainly I haven't found any definition of those
fields.
2) My biggest security concern wrt venti is denial-of-service by way
of spamming my disk (intentionally or not). /sys/src/cmd/venti/ro.c
implements a read-only proxy which reduces this risk.
3) The proxy also provides a useful example of how more complex
proxies could be constructed. What I'd like (it's on my todo, but down
a few rungs) is an extended version that allows r/w access from
trusted hosts/networks and r/o from everyone else.
4) There's always ssl or the like. Some people argue that's the best
path to take; I'm less convinced.
-----
P.S.: I have no idea why, but gmail thinks an appropriate ad for this
topic is for "Emo Teens": "Explore Emo Style & Personality. The Latest
Family Topics!". Funny, Glenda doesn't *look* emo to me.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [9fans] securing venti and fileservers was: (vac errors after updating to latest p9p archive)
2009-08-17 15:36 ` Anthony Sorace
@ 2009-08-17 15:55 ` erik quanstrom
0 siblings, 0 replies; 3+ messages in thread
From: erik quanstrom @ 2009-08-17 15:55 UTC (permalink / raw)
To: 9fans
> 0) Venti contains neither authentication nor authorization. If you
> care, you are advised to stick it on a trusted network, or listen only
> on loopback.
>
> 1) The venti protocol reserves space for auth (see VtTauth0 and
> VtTauth1 in /sys/include/venti.h), but I'm pretty sure nobody
> implements it. Certainly I haven't found any definition of those
> fields.
it is typical to not do authentication or authorization on
block-level storage. venti may be fancy, but it's still block storage.
iscsi notwithstanding, storage networks tend to be pretty locked down.
> 4) There's always ssl or the like. Some people argue that's the best
> path to take; I'm less convinced.
i think it makes a lot of sense to use ssl like a streams module.
push it when necessary. (venti already requires a streaming
protocol, so this isn't a big loss.)
for a lower-level solution, you could also use various flavors of vpn.
- erik
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-08-17 15:55 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-08-17 12:33 [9fans] securing venti and fileservers was: (vac errors after updating to latest p9p archive) Fernan Bolando
2009-08-17 15:36 ` Anthony Sorace
2009-08-17 15:55 ` erik quanstrom
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).