9fans - fans of the OS Plan 9 from Bell Labs
* [9fans] major security screw up
@ 2002-06-29 14:56 presotto
From: presotto @ 2002-06-29 14:56 UTC (permalink / raw)
  To: 9fans

#¤/caphash is an exclusive open device and is the way
factotum gives the kernel hashes of 'change identity'
capabilities.  Read the man page for more info.

The problem was that factotum wasn't keeping it open,
letting anyone else dump hashes in.  Exclusive
access was stupid on multiple fronts so I nuked it.
Instead, only the hostowner now can open it.  The
host owner can also remove #¤/caphash so that no new procs
can use it.  Thus, once factotum and possibly cron are
started, you can do

	rm '#¤/caphash'

and remove the possibility of any other processes changing
id without proof.

Pick up new
	/sys/src/cmd/auth/cron.c
	/sys/src/cmd/auth/factotum/*.c
	/sys/src/9/port/devcap.c
then remake factotum, then the kernel.

Removing caphash is useful if the hostowner doesn't
have write access to most things; useless if it can change
/bin/termrc, /bin/cpurc, the kernel that gets booted, can
write /srv/kfscmd when running off a local fs, ...

The down side of removing caphash is that to restart cron,
you have to reboot.
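An added rc fragment (not from the message above or the Plan 9 distribution) showing the boot-time ordering the message describes: factotum and cron are started first, then the cap device is removed and its absence is verified. The factotum flags and log path are assumed from a typical cpurc, not stated in the message.

```rc
#!/bin/rc
# Added example: sequence for /rc/bin/cpurc or termrc after the devcap change.
# Assumed invocations; adjust to the local cpurc.
auth/factotum -sfactotum -S
auth/cron >>/sys/log/cron >[2=1] &

# Everything that needs #¤/caphash is now running, so close the door:
# no later process can present a capability hash to change identity.
rm '#¤/caphash'

# Verify the device really is gone; if it is not, the hostowner's
# factotum was not the only thing that could have reopened it.
if(test -e '#¤/caphash'){
	echo 'caphash still present: identity changes without proof remain possible' >[1=2]
	exit caphash
}

# Note: cron cannot be restarted from here on without a reboot,
# since a fresh cron would need #¤/caphash to change id for jobs.
exit ''
```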

