From: Gorka Guardiola Múzquiz <paurea@plan9.escet.urjc.es>
To: 9fans@cse.psu.edu
Subject: [9fans] plan9 security...
Date: Fri, 13 Feb 2004 15:04:29 +0100
Message-ID: <ab8642526016f58ade156ffac050da2e@plan9.escet.urjc.es>

I was with some friend commenting on security in plan 9 and we found
some breach in security, at least the way it is used here. I don't
know if this is a problem of the (awful) topology of our net or a real
breach. Here we have a fileserver which serves the kernel for the
terminals on dhcp. Terminals boot diskless. The problem here is that
all the net taps in the University can form part of our subnet. VPNs
are generated dynamically looking at the addresses which come from all
the taps. The thing is that someone can do a DoS attack on
the fileserver, answer for it the dhcp request (it can be done from
any place on the University), and serve a tame kernel just to get the
passwords of the users. We are studying the idea of signing somehow
the kernel with a net/host secret and adding support for it on 9load
to stop this happening. Another solution would be to implement DHCP
authentication, but it may be much more complicated.
Would this be useful for any other person on the list? Do you think
it is a good solution? Ideas? Suggestions?
Gorka.
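
The kernel-signing idea raised in the message above, as an added sketch that is not part of the original post and is not 9load code: the file server appends a keyed tag to the kernel image, and the loader refuses to boot anything whose tag does not verify under the secret it already holds. HMAC-SHA256, the appended-tag layout, the function names, and the assumption that the secret is provisioned on the terminal out of band are all choices made for this illustration.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag (assumed layout)


def sign_kernel(image: bytes, host_secret: bytes) -> bytes:
    """File-server side: return image || HMAC-SHA256(host_secret, image)."""
    return image + hmac.new(host_secret, image, hashlib.sha256).digest()


def verify_kernel(blob: bytes, host_secret: bytes) -> bytes:
    """Loader side: return the kernel image if the tag verifies, else raise."""
    if len(blob) <= TAG_LEN:
        raise ValueError("blob too short to carry a tag")
    image, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(host_secret, image, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("kernel tag mismatch: refusing to boot")
    return image


def would_boot(blob: bytes, host_secret: bytes) -> bool:
    """Hypothetical loader decision: boot only a kernel that verifies."""
    try:
        verify_kernel(blob, host_secret)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values, not real kernel bytes or real secrets.
    secret = b"constructed-net-secret"
    kernel = b"\x00constructed kernel image bytes" * 4

    genuine = sign_kernel(kernel, secret)
    # A server answering the boot request without knowing the secret.
    rogue = sign_kernel(b"substituted kernel", b"some-other-key")
    # A genuine blob with one bit flipped in transit.
    flipped = bytearray(genuine)
    flipped[0] ^= 0x01

    print("genuine:", would_boot(genuine, secret))
    print("rogue:  ", would_boot(rogue, secret))
    print("flipped:", would_boot(bytes(flipped), secret))
    print("unsigned:", would_boot(b"no tag here", secret))
```

With a shared secret, any terminal that can verify a kernel can also produce a valid tag, so the secret must stay out of reach of ordinary users on the terminal.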