9fans - fans of the OS Plan 9 from Bell Labs
From: "sirjofri via 9fans" <9fans@9fans.net>
To: 9fans <9fans@9fans.net>
Subject: Re: [9fans] Solo factotum
Date: Wed, 31 Dec 2025 10:40:38 +0100
Message-ID: <a78ec022-9a6c-48e4-82ea-6a0d1f89a249@sirjofri.de>
In-Reply-To: <8716F627-36EE-445A-B4B4-754C9136596E@quintile.net>

31.12.2025 05:31:21 Steve Simon <steve@quintile.net>:
> when i used plan9 full time i kept a usb stick containing my encrypted secrets (in factotum format) plugged into my terminal.
> i added a clause to my profile to prompt for the password to decrypt it and push the text (via read -m) into /mnt/factotum/ctl.
>
> (all from memory, so it may be inexact)
>
> how would the proposed device improve on this? - honest question.

That depends on your terminal and grid. Yes, the factotum process runs on your terminal, so the memory is on your machine. However, if that terminal boots off an untrusted grid and the factotum program is corrupted to send your secrets to some server, or to have debugging enabled by default, that's an attack vector. It's like using ipso in an unprotected ramfs.

If factotum runs standalone on a separate machine like that USB device, the secrets can't leave that device and thus never even reach the terminal.

Again, that attack vector is very unlikely in a standard environment where you control the grid, and most users will run trusted factotums in public grids, too, by using a trusted system to rcpu into that untrusted one. Other than that, security is a very personal thing. Some people can live with higher risks than others.

And yes, ori, it's basically reinventing TPM, just Plan 9-flavored.

Have a good new year, everyone.

sirjofri

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Ta60752663ff08448-Mfe84efc9c20c371ba0d199ab
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
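The profile clause Steve describes above, written out as an added example (not his actual script and not part of the original message): the stick's mount point `/n/stick`, the file name `factotum.aes`, and the use of auth/aescbc(8) to prompt for the passphrase and decrypt are all assumptions.

```rc
#!/bin/rc
# Added example: push encrypted factotum keys from removable media into
# the running factotum. Mount point and file name are assumptions.
secrets=/n/stick/factotum.aes

# Refuse to do anything unless a factotum is actually mounted; otherwise
# the redirection below would just create a plain file named ctl.
if(! test -e /mnt/factotum/ctl){
	echo 'no factotum mounted at /mnt/factotum' >[1=2]
	exit nofactotum
}
if(! test -r $secrets){
	echo 'cannot read '$secrets >[1=2]
	exit nosecrets
}

# aescbc -d asks for the passphrase on the console and writes the cleartext
# key lines to stdout. Nothing decrypted is written to disk: the keys go
# straight down the pipe, where read -m collects them and writes them into
# factotum's ctl file, exactly the data path Steve describes.
auth/aescbc -d < $secrets | read -m > /mnt/factotum/ctl
```

Once the keys are loaded, `cat /mnt/factotum/ctl` lists them with the secret fields hidden, which is a quick way to confirm the import worked.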

