From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 References: In-Reply-To: From: Skip Tavakkolian Date: Wed, 24 May 2017 17:03:31 +0000 Message-ID: To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Content-Type: multipart/alternative; boundary="001a114fedde1a91cc055048169a" Subject: Re: [9fans] why disabled -n option of secstore in plan9port Topicbox-Message-UUID: be6b4f68-ead9-11e9-9d60-3106f5b1d025 --001a114fedde1a91cc055048169a Content-Type: text/plain; charset="UTF-8" probably because it wouldn't be a secure storage. p9p is hosted on linux or macos, and if the keys are stored in a file (or device) on the host os, then secstore would be only as secure as the host os (e.g. sudo privilege). readnvram (src/libauthsrv/readnvram.c) expects to find the keys in locations that are specific to plan9 devices (e.g. '#r/nvram'). unattended startup of secstore assumes that there is physical access control to the machine and only the host-owner can access nvram. On Wed, May 24, 2017 at 8:27 AM Kyohei Kadota wrote: > Hello fans. > > I'm curious why secstore's -n option is disabled. > > https://github.com/9fans/plan9port/blob/master/src/cmd/auth/secstore/secstore.c#L390 > > Does someone know? > --001a114fedde1a91cc055048169a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
probably because it wouldn't be a secure storage.= =C2=A0p9p is hosted on linux or macos, and if the keys are stored in a fil= e (or device) on the host os, then secstore would be only as secure as the = host os (e.g. sudo privilege).

readnvram (src/liba= uthsrv/readnvram.c) expects to find the keys in locations that are specific= to plan9 devices (e.g. '#r/nvram'). unattended startup of secstore= assumes that there is physical access control to the machine and only the = host-owner can access nvram.


On Wed, May 24, 2017 at 8:27 AM Kyohei Kadota &= lt;lufia@lufia.org> wrote:
Hello fans.

I'm curious why secstore's -n option is disabled.=
<= div>
Does someone know?
--001a114fedde1a91cc055048169a--