From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <3EC57959.9020409@ameritech.net>
From: northern snowfall <dbailey27@ameritech.net>
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:0.9.4.1) Gecko/20020518 Netscape6/6.2.3
MIME-Version: 1.0
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Free Plan 9 "shell" accounts?
References: <7f3c0429076f59dc5ba8e3513802d2d6@collyer.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Date: Fri, 16 May 2003 18:50:49 -0500
Topicbox-Message-UUID: af00e6ae-eacb-11e9-9e20-41e7f4b1d025

>
>
>If giving out accounts to complete strangers, I'd want to look at what
>to do about the wide-open permissions that seem to be necessary under
>/mail and the ability of anybody to create and remove files from /srv.
>Apparently no one can rename files in /srv (the attempt is quietly
>ignored), which helps.  It might be handy to have a way to create a
>new #s instance or perhaps to be able to copy #s during rfork
>(RFSRVG?).
>
Just as a note, I attempted this same thing for friends a while
back. I was left with a feeling of insecurity, however. While
plan9 is great for securing against individuals without access
to a CPU server, allowing users to connect leaves many things
dynamically changeable. Of course, this is fine for most
research situations where users have a sense of loyalty to
their environment. However, a "free 9shell" situation would
have many possibilities for on-system manipulation.
    My biggest problems related to securing the network. Any
user can alter the routing tables, arp tables, etc. Not to
mention, users are also able to put the ether device in promisc
mode and write to the ether device raw. This obviously leaves
sniffing easily open to both hubs and switched environments, as
spoofing to hijack the network is extremely simplified on plan9.
In fact, if you know what you're doing, you can do it without
compiling any special code. I wrote patches to quash these issues
in plan9 revision 3 and had good success with it. Though, I've
not looked at the differences in the network code from 3 to 4, so,
I wouldn't know how my patches would be relevant now.
    Since this is something I've had on the back burners of my
in-mind todo-list, I may upgrade the patches to 4.
Don

>