Re: [9fans] security of inferno os [ptr]

Re: [9fans] security of inferno os [ptr]

[anothy]

// If my machine is 150 miles away how will I press enter to
// tell it to boot from local...

the cpu server kernel will time out if given a default in plan9.ini.
i think it's the 'bootargs=' line, but i could be wrong.

// ...how is it possible to prevent the col-locators using it from
// the terminal.

hmm... i guess you could just not run rio and exec something
out of cpurc that tied up the console (i've done that for other
reasons with a simple tail -f of various logs), but it'd be nicer
to retain the ability to use the console yourself (even remotely,
like via the Avanstar). the patches to get a terminal and cpu
server on the same box might be relavant, too. they're out of
date, but can be found here:
	http://www.fywss.com/plan9/info/misc/cpu_terminal

more generally speaking, though, i'd say if you don't trust your
colo enough to not dink around on your console, all bets are off...
ア

Re: [9fans] security of inferno os [ptr]

[Boyd Roberts]

Matt H wrote:
> If my machine is 150 miles away how will I press enter to tell it to boot
> from local & how is it possible to prevent the col-locators using it from
> the terminal. (not that I expect them to but ...)

Have you checked out reboot(8)?

    http://plan9.bell-labs.com/magic/man2html/8/reboot

It might not be _exactly_ what you want, but it might be a clue.

Re: [9fans] security of inferno os [ptr]

[Boyd Roberts]

Matt H wrote:
> I get a false sense of security from using FreeBSD rather than Linux

Hmm ...

brucee@plan9.bell-labs.com wrote:
> 
> *** {02.04.030} Linux - UML kernel memory access
> 
> User-Mode-Linux version 2.4.17-8 has been found to allow normal users
> within a UML Linux environment to change around system syscalls and
> access kernel memory, thereby allows them to gain root access both
> inside and outside the UML environment.

Re: [9fans] security of inferno os [ptr]

[Matt H]

> it is the only article of its kind on those circles on
> inferno and it even mentions plan9.

security through obscurity indeed

I get a false sense of security from using FreeBSD rather than Linux

Until "The Big Day" Glenda arrives at our colocator

Actually that does throw up a question for me (& not one that *needs*
answering any time soon)

If my machine is 150 miles away how will I press enter to tell it to boot
from local & how is it possible to prevent the col-locators using it from
the terminal. (not that I expect them to but ...)

M
 

Re: [9fans] security of inferno os [ptr]

[ozan s yigit]

viro@math.psu.edu (Alexander Viro) writes:

> Ah, yes - "if you run it hosted under Windows and host is compromised,
> it's very insecure" and it goes downwards from there.

right. i did not offer editorial commentary, just the pointer. so far
as i can tell, it is the only article of its kind on those circles on
inferno and it even mentions plan9.

oz
-- 
www.cs.yorku.ca/~oz	 | don't count your chickens in glass houses
york u. computer science | until the cows come home. -- david vestal

Re: [9fans] security of inferno os [ptr]

[Alexander Viro]

On Tue, 5 Feb 2002, ozan s yigit wrote:

> 
> fyi: this is published in the last issue of 2600. 
> http://www.phrack.org/show.php?p=58&a=12

Ah, yes - "if you run it hosted under Windows and host is compromised,
it's very insecure" and it goes downwards from there.

Right there with "suppose attacker got enough priveleges to run arbitrary
code in kernel mode.  You know, the system can be fscked real hard
after that! We couldn't figure out how to achieve <trivial modification
of kernel behaviour>, but here's how to <several equally trivial ones>"
(two articles in the same issue).

Overall: "Looking for real vulnerabilities is tough - let's go shopping!"
Piss-poor...

[9fans] security of inferno os [ptr]

[ozan s yigit]

fyi: this is published in the last issue of 2600. 
http://www.phrack.org/show.php?p=58&a=12

oz
-- 
www.cs.yorku.ca/~oz	 | don't count your chickens in glass houses
york u. computer science | until the cows come home. -- david vestal