From mboxrd@z Thu Jan 1 00:00:00 1970 From: cigar562hfsp952fans@icebubble.org To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Date: Thu, 6 Dec 2018 04:47:32 +0000 Message-ID: <861s6vdzx7.fsf@cmarib.ramside> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: [9fans] FWD: Role of factotum(4) in Inferno security Topicbox-Message-UUID: f015f5e0-ead9-11e9-9d60-3106f5b1d025 Hi, 9fans, I recently posted this to the Inferno list. I still haven't gotten any replies after almost a week. Since factotum originated on Plan 9, I'm re-posting this to 9fans. Hopefully, someone in 9-landia will be able to provide some insight into what factotum does on Inferno. Thanks! ================ SNIP ================ SNIP ================ SNIP ===== From: clasp126hfsp645io@icebubble.org To: inferno-os Subject: Role of factotum(4) in Inferno security Date: Sat, 01 Dec 2018 20:44:01 +0000 So, I've been reading about security in Inferno. There are many complex, interacting pieces, and lots of docs (and source code) to read. But once you get it all in your head, it makes sense. It's actually quite elegant. One thing which still confuses me, however, is the function of factotum(4) on Inferno. Factotum->mount, in the factotum(2) module, allows Inferno to mount file systems exported from Plan 9, using the factotum(4) file system to authenticate with the Plan 9 server. The "-9" option to mount(1), as described in bind(1), makes this functionality fully available from the Inferno command-line. However, there doesn't appear to be any corresponding Factotum->export in factotum(2) that uses factotum(4) to authenticate attach requests (made with Tauth &seq). Accordingly, neither export(4) nor styxlisten(1) have anything which would correspond to the "-9" option of mount(1). Is factotum(4) on Inferno used only for mounting from Plan 9? Why not for exporting to Plan 9? factotum(4) on Inferno only implements a few authentication protocols (p9sk1, p9any, pass, and infauth, according to the man page). Looking at the actual code, however, it also appears to support "rsa" (as used by SSH) and "authquery" (whatever that is). It doesn't appear to support any of the other authentication protocols (such as apop, cram, chap, mschap, etc.) available on Plan 9's factotum(4). So, how is one supposed to do things like APOP on Inferno? Currently, it looks like I'd have to run Inferno under emu, hosted on either Plan 9 or plan9port, and import factotum(4) from the host OS. (In other words, no APOP when running Inferno on bare hardware.) Lastly, I see that Inferno's factotum(4) supports an "infauth" authentication protocol which (presumably) encapsulates Inferno's auth(6) protocol. But Keyring->auth (cf. keyring-auth(2)) doesn't appear to have any option to delegate the Station-to-Station protocol to factotum(4). Yes, I see that the keyring module, which does the STS, is implemented in C and hard-linked into the kernel/emu. But I don't see any place where "proto=infauth" keys in factotum(4) are actually used by the system. The factotum(4) in plan9port doesn't support the "infauth" authentication protocol, either. So, if nothing uses "proto=infauth", then why is it there? Any insights would be greatly appreciated. Thanks!