From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
In-Reply-To: <1d5d51400908170533m54c16c16k6204d4b0793b08eb@mail.gmail.com>
References: <1d5d51400908170533m54c16c16k6204d4b0793b08eb@mail.gmail.com>
Date: Mon, 17 Aug 2009 11:36:25 -0400
Message-ID: <509071940908170836t53a426d0ta62b3dd8d803a22c@mail.gmail.com>
From: Anthony Sorace
To: fernanbolando@mailc.net, Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] securing venti and fileservers was: (vac errors after updating to latest p9p archive)
Topicbox-Message-UUID: 4c900996-ead5-11e9-9d60-3106f5b1d025

Less of a "here's my experience" than a summary of earlier
conversations with various people, but still perhaps relevant or
helpful:

0) Venti contains neither authentication nor authorization. If you
care, you are advised to stick it on a trusted network, or listen only
on loopback.

1) The venti protocol reserves space for auth (see VtTauth0 and
VtTauth1 in /sys/include/venti.h), but I'm pretty sure nobody
implements it. Certainly I haven't found any definition of those
fields.

2) My biggest security concern wrt venti is denial-of-service by way
of spamming my disk (intentionally or not).
/sys/src/cmd/venti/ro.c implements a read-only proxy which reduces
this risk.

3) The proxy also provides a useful example of how more complex
proxies could be constructed. What I'd like (it's on my todo, but down
a few rungs) is an extended version that allows r/w access from
trusted hosts/networks and r/o from everyone else.

4) There's always ssl or the like. Some people argue that's the best
path to take; I'm less convinced.

-----

P.S.: I have no idea why, but gmail thinks an appropriate ad for this
topic is for "Emo Teens": "Explore Emo Style & Personality. The Latest
Family Topics!". Funny, Glenda doesn't *look* emo to me.
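
Added example, not part of the message above and not code from the venti source: a sketch in portable C of the per-request decision a proxy like the one wished for in point 3 would make, read access for any peer and write access only for trusted networks. The function names, the trusted network list and the choice to gate VtTsync together with VtTwrite are assumptions of this example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stddef.h>

/* Message-type names follow venti.h; the numeric values here are local to
 * this example. A real proxy would include venti.h instead. */
enum { VtTping, VtThello, VtTgoodbye, VtTread, VtTwrite, VtTsync };

/* Hypothetical trusted networks (constructed sample values). */
struct net { const char *addr; int bits; };
static const struct net trusted[] = { { "127.0.0.0", 8 }, { "192.0.2.0", 24 } };

/* 1 if dotted-quad ip lies inside n, 0 if outside or unparsable. */
static int in_net(const char *ip, const struct net *n)
{
	struct in_addr a, b;
	uint32_t mask;

	if (inet_pton(AF_INET, ip, &a) != 1 || inet_pton(AF_INET, n->addr, &b) != 1)
		return 0;
	mask = n->bits == 0 ? 0 : htonl(0xffffffffu << (32 - n->bits));
	return (a.s_addr & mask) == (b.s_addr & mask);
}

static int is_trusted(const char *ip)
{
	size_t i;

	for (i = 0; i < sizeof trusted / sizeof trusted[0]; i++)
		if (in_net(ip, &trusted[i]))
			return 1;
	return 0;
}

/* Policy: reads and session housekeeping for everyone; requests that can
 * grow or flush the store only for trusted peers; unknown types denied. */
int venti_allow(const char *peer_ip, int msgtype)
{
	switch (msgtype) {
	case VtTping: case VtThello: case VtTgoodbye: case VtTread:
		return 1;
	case VtTwrite: case VtTsync:
		return is_trusted(peer_ip);
	default:
		return 0;
	}
}
```

A source address is only as trustworthy as the network it arrives on, so this policy still rests on the trusted-network assumption from point 0.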