9front - general discussion about 9front
* [9front] cwfs footgun
@ 2022-12-14  0:37 hiro
  2022-12-18 14:21 ` cinap_lenrek
  0 siblings, 1 reply; 17+ messages in thread
From: hiro @ 2022-12-14  0:37 UTC (permalink / raw)
  To: 9front

some of you have found out that noauth is turned on by default.

that's why in the fqa it is described how to turn it off during the
first boot in cwfs' configuration mode.

if you set up your system in another way, not precisely according to
the fqa, you might have been tempted to try and remedy the fact that
noauth is on by default, by connecting to the cwfs.cmd console and
typing noauth, to toggle it.
but that setting doesn't persist. after a reboot, cwfs loads the old
value from configuration.

fyi.


* Re: [9front] cwfs footgun
  2022-12-14  0:37 [9front] cwfs footgun hiro
@ 2022-12-18 14:21 ` cinap_lenrek
  2022-12-18 16:37   ` Stanley Lieber
  0 siblings, 1 reply; 17+ messages in thread
From: cinap_lenrek @ 2022-12-18 14:21 UTC (permalink / raw)
  To: 9front

I pushed a change removing the noauth and nonone commands from the
runtime fileserver console (/srv/cwfs.cmd).

These commands only apply to config mode (see the fqa and fsconfig(8)).

If you need to disable authentication at runtime, i added an "authdisable"
runtime flag that can be used in combination with the flag command.

I hope this avoids the confusion in the future.

--
cinap


* Re: [9front] cwfs footgun
  2022-12-18 14:21 ` cinap_lenrek
@ 2022-12-18 16:37   ` Stanley Lieber
  2022-12-18 19:08     ` cinap_lenrek
  0 siblings, 1 reply; 17+ messages in thread
From: Stanley Lieber @ 2022-12-18 16:37 UTC (permalink / raw)
  To: 9front

On Dec 18, 2022, at 9:21 AM, cinap_lenrek@felloff.net wrote:
> 
> I pushed a change removing the noauth and nonone commands from the
> runtime fileserver console (/srv/cwfs.cmd).
> 
> These commands only apply to config mode (see the fqa and fsconfig(8)).
> 
> If you need to disable authentication at runtime, i added an "authdisable"
> runtime flag that can be used in combination with the flag command.
> 
> I hope this avoids the confusion in the future.
> 
> --
> cinap

is nonone now set by default for new installations?

will existing installations who were setting nonone via /srv/cwfs.cmd now be exposed until they set nonone permanently via the fsconfig console?

sl




* Re: [9front] cwfs footgun
  2022-12-18 16:37   ` Stanley Lieber
@ 2022-12-18 19:08     ` cinap_lenrek
  2022-12-18 19:20       ` hiro
  0 siblings, 1 reply; 17+ messages in thread
From: cinap_lenrek @ 2022-12-18 19:08 UTC (permalink / raw)
  To: 9front

> will existing installations who were setting nonone via /srv/cwfs.cmd now be exposed until
> they set nonone permanently via the fsconfig console?

yes.

--
cinap


* Re: [9front] cwfs footgun
  2022-12-18 19:08     ` cinap_lenrek
@ 2022-12-18 19:20       ` hiro
  2022-12-18 19:20         ` hiro
  2022-12-18 19:22         ` Stanley Lieber
  0 siblings, 2 replies; 17+ messages in thread
From: hiro @ 2022-12-18 19:20 UTC (permalink / raw)
  To: 9front

can somebody please elaborate on the risks stemming from "nonone" ?

On 12/18/22, cinap_lenrek@felloff.net <cinap_lenrek@felloff.net> wrote:
>> will existing installations who were setting nonone via /srv/cwfs.cmd now
>> be exposed until
>> they set nonone permanently via the fsconfig console?
>
> yes.
>
> --
> cinap
>


* Re: [9front] cwfs footgun
  2022-12-18 19:20       ` hiro
@ 2022-12-18 19:20         ` hiro
  2022-12-18 19:22         ` Stanley Lieber
  1 sibling, 0 replies; 17+ messages in thread
From: hiro @ 2022-12-18 19:20 UTC (permalink / raw)
  To: 9front

On 12/18/22, hiro <23hiro@gmail.com> wrote:
> can somebody please elaborate on the risks stemming from "nonone" ?
>
> On 12/18/22, cinap_lenrek@felloff.net <cinap_lenrek@felloff.net> wrote:
>>> will existing installations who were setting nonone via /srv/cwfs.cmd
>>> now
>>> be exposed until
>>> they set nonone permanently via the fsconfig console?
>>
>> yes.
>>
>> --
>> cinap
>>
>


* Re: [9front] cwfs footgun
  2022-12-18 19:20       ` hiro
  2022-12-18 19:20         ` hiro
@ 2022-12-18 19:22         ` Stanley Lieber
  2022-12-18 19:43           ` hiro
  2022-12-18 20:29           ` cinap_lenrek
  1 sibling, 2 replies; 17+ messages in thread
From: Stanley Lieber @ 2022-12-18 19:22 UTC (permalink / raw)
  To: 9front

On Dec 18, 2022, at 2:20 PM, hiro <23hiro@gmail.com> wrote:
> 
> can somebody please elaborate on the risks stemming from "nonone" ?
> 
> On 12/18/22, cinap_lenrek@felloff.net <cinap_lenrek@felloff.net> wrote:
>>> will existing installations who were setting nonone via /srv/cwfs.cmd now
>>> be exposed until
>>> they set nonone permanently via the fsconfig console?
>> 
>> yes.
>> 
>> --
>> cinap

by default, when cwfs is listening on port 564, anyone can attach as user none. nonone disables it.

sl




* Re: [9front] cwfs footgun
  2022-12-18 19:22         ` Stanley Lieber
@ 2022-12-18 19:43           ` hiro
  2022-12-18 20:26             ` cinap_lenrek
  2022-12-18 20:29           ` cinap_lenrek
  1 sibling, 1 reply; 17+ messages in thread
From: hiro @ 2022-12-18 19:43 UTC (permalink / raw)
  To: 9front

so i toggled twice here, and i got:
"none disabled" as the last line.

i guess that means that none access is disabled?
my cwfs config block (first block at beginning of my cwfs cache
partition) doesn't mention any "nonone".
does this mean after a reboot none will be enabled?

On 12/18/22, Stanley Lieber <sl@stanleylieber.com> wrote:
> On Dec 18, 2022, at 2:20 PM, hiro <23hiro@gmail.com> wrote:
>>
>> can somebody please elaborate on the risks stemming from "nonone" ?
>>
>> On 12/18/22, cinap_lenrek@felloff.net <cinap_lenrek@felloff.net> wrote:
>>>> will existing installations who were setting nonone via /srv/cwfs.cmd
>>>> now
>>>> be exposed until
>>>> they set nonone permanently via the fsconfig console?
>>>
>>> yes.
>>>
>>> --
>>> cinap
>
> by default, when cwfs is listening on port 564, anyone can attach as user
> none. nonone disables it.
>
> sl
>
>
>


* Re: [9front] cwfs footgun
  2022-12-18 19:43           ` hiro
@ 2022-12-18 20:26             ` cinap_lenrek
  0 siblings, 0 replies; 17+ messages in thread
From: cinap_lenrek @ 2022-12-18 20:26 UTC (permalink / raw)
  To: 9front


> so i toggled twice here, and i got:
> "none disabled" as the last line.

the previous state doesn't matter in config mode.
cwfs has not read your configuration when you type
the commands in config mode.

it records what you explicitly set. and the effective
state after ending the configuration is what it said
after you run the command.

basically, as you hit end, it will read the config block
and then "merge" whatever you told it in config mode
with whatever it read in the config block and then write
that back.

the reason for this is that you tell it what the config
block device is in config mode ;)

so this means, if it says "none disabled" and you type
"end" then:

you'll have "nonone" in your config, and authenticating
as none will not be allowed from a new network connection.

> i guess that means that none access is disabled?

yes.

> my cwfs config block (first block at beginning of my cwfs cache
> partition) doesn't mention any "nonone".

i was referring to config mode. the "nonone" command
was removed from the runtime console PRECISELY
because people get confused and ASSUME and GUESS
that it would persist across reboots. it does not.

> does this mean after a reboot none will be enabled?

yes.

--
cinap


* Re: [9front] cwfs footgun
  2022-12-18 19:22         ` Stanley Lieber
  2022-12-18 19:43           ` hiro
@ 2022-12-18 20:29           ` cinap_lenrek
  2023-01-06  0:59             ` hiro
  1 sibling, 1 reply; 17+ messages in thread
From: cinap_lenrek @ 2022-12-18 20:29 UTC (permalink / raw)
  To: 9front

> by default, when cwfs is listening on port 564, anyone can attach as user none.
> nonone disables it.

correct. this was the default behaviour of the kenfs fileserver.

"nonone" was added by 9front later in case you do not want to give everyone
on the internet access to all "world readable" files.

btw.

netaudit(8) will also check for this now, trying if it can dial the fileserver
and attach as "none" without authentication and see if it succeeds.

--
cinap
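
The check cinap describes for netaudit(8), as an added example (not netaudit's code and not from the thread): a minimal 9P2000 client that offers no auth fid and tries to attach as none, for auditing your own fileserver. The empty aname, the msize and the sample replies are assumptions constructed for illustration.

```python
import socket
import struct

TVERSION, RVERSION, TATTACH, RATTACH, RERROR = 100, 101, 104, 105, 107
NOTAG, NOFID = 0xFFFF, 0xFFFFFFFF

def pstr(s):
    b = s.encode()
    return struct.pack("<H", len(b)) + b          # 9P string: len[2] + bytes

def msg(mtype, tag, body):
    return struct.pack("<IBH", 7 + len(body), mtype, tag) + body  # size[4] type[1] tag[2]

def tversion(msize=8192):                         # msize is an assumed value
    return msg(TVERSION, NOTAG, struct.pack("<I", msize) + pstr("9P2000"))

def tattach_none(aname=""):                       # empty aname: assumed default tree
    # afid=NOFID: the client presents no authentication fid at all
    return msg(TATTACH, 1, struct.pack("<II", 0, NOFID) + pstr("none") + pstr(aname))

def classify(reply):
    """Interpret the server's answer to tattach_none()."""
    mtype = reply[4]
    if mtype == RATTACH:
        return "exposed: attached as none without auth"
    if mtype == RERROR:
        (n,) = struct.unpack_from("<H", reply, 7)
        return "refused: " + reply[9:9 + n].decode(errors="replace")
    return "unexpected reply type %d" % mtype

def recv_msg(f):
    head = f.read(4)
    body = f.read(struct.unpack("<I", head)[0] - 4) if len(head) == 4 else b""
    if len(body) < 3:
        raise ConnectionError("short 9P reply")
    return head + body

def audit(host, port=564, timeout=5):
    with socket.create_connection((host, port), timeout=timeout) as s, s.makefile("rb") as f:
        s.sendall(tversion())
        if recv_msg(f)[4] != RVERSION:
            return "not a 9P2000 server"
        s.sendall(tattach_none())
        return classify(recv_msg(f))

# Constructed sample replies (not captured from a real server)
SAMPLE_OK = msg(RATTACH, 1, bytes(13))            # Rattach carries a 13-byte qid
SAMPLE_DENIED = msg(RERROR, 1, pstr("constructed: attach denied"))
```

Run `audit("your-fileserver")` after a reboot as well as after changing the setting, since the thread's point is that only the value in the config block survives.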


* Re: [9front] cwfs footgun
  2022-12-18 20:29           ` cinap_lenrek
@ 2023-01-06  0:59             ` hiro
  2023-01-06  2:57               ` sl
  0 siblings, 1 reply; 17+ messages in thread
From: hiro @ 2023-01-06  0:59 UTC (permalink / raw)
  To: 9front

cinap has also provided an illustration of this problem:
https://felloff.net/usr/cinap_lenrek/authbikestick.jpg


* Re: [9front] cwfs footgun
  2023-01-06  0:59             ` hiro
@ 2023-01-06  2:57               ` sl
  2023-01-06  3:58                 ` Alex Musolino
  0 siblings, 1 reply; 17+ messages in thread
From: sl @ 2023-01-06  2:57 UTC (permalink / raw)
  To: 9front

http://fqa.9front.org/fqa7.html#7.3.3

sl


* Re: [9front] cwfs footgun
  2023-01-06  2:57               ` sl
@ 2023-01-06  3:58                 ` Alex Musolino
  2023-01-06  4:38                   ` sl
  2023-01-06 13:20                   ` cinap_lenrek
  0 siblings, 2 replies; 17+ messages in thread
From: Alex Musolino @ 2023-01-06  3:58 UTC (permalink / raw)
  To: 9front

> http://fqa.9front.org/fqa7.html#7.3.3

Why do you have to type 'noauth' twice?  To me the example makes it
look like authentication was already enabled, which would seem to make
the whole exercise pointless.  Was the example generated on a machine
that already had authentication enabled perhaps?  If not, what am I
missing?

Also, how does hjfs avoid this problem?



* Re: [9front] cwfs footgun
  2023-01-06  3:58                 ` Alex Musolino
@ 2023-01-06  4:38                   ` sl
  2023-01-06  5:20                     ` hiro
  2023-01-06 13:20                   ` cinap_lenrek
  1 sibling, 1 reply; 17+ messages in thread
From: sl @ 2023-01-06  4:38 UTC (permalink / raw)
  To: 9front

>> http://fqa.9front.org/fqa7.html#7.3.3
> 
> Why do you have to type 'noauth' twice?  To me the example makes it
> look like authentication was already enabled, which would seem to make
> the whole exercise pointless.  Was the example generated on a machine
> that already had authentication enabled perhaps?  If not, what am I
> missing?

you type it as many times as is necessary to end up with "auth is now enabled"
as the output. maybe more, maybe less.


> Also, how does hjfs avoid this problem?

hjfs is a completely different program and behaves differently.

sl


* Re: [9front] cwfs footgun
  2023-01-06  4:38                   ` sl
@ 2023-01-06  5:20                     ` hiro
  2023-01-06  5:43                       ` Stanley Lieber
  0 siblings, 1 reply; 17+ messages in thread
From: hiro @ 2023-01-06  5:20 UTC (permalink / raw)
  To: 9front

btw, if you just echo into cwfs.cmd, you will never even see any
feedback e.g. "auth enabled" message.

the image suggests otherwise.


* Re: [9front] cwfs footgun
  2023-01-06  5:20                     ` hiro
@ 2023-01-06  5:43                       ` Stanley Lieber
  0 siblings, 0 replies; 17+ messages in thread
From: Stanley Lieber @ 2023-01-06  5:43 UTC (permalink / raw)
  To: 9front

On Jan 6, 2023, at 12:22 AM, hiro <23hiro@gmail.com> wrote:
> 
> btw, if you just echo into cwfs.cmd, you will never even see any
> feedback e.g. "auth enabled" message.
> 
> the image suggests otherwise.

i guess the only real way to know whether or not you were safe is to have your files exposed by failing to enable auth. at least then you’re sure.

sl




* Re: [9front] cwfs footgun
  2023-01-06  3:58                 ` Alex Musolino
  2023-01-06  4:38                   ` sl
@ 2023-01-06 13:20                   ` cinap_lenrek
  1 sibling, 0 replies; 17+ messages in thread
From: cinap_lenrek @ 2023-01-06 13:20 UTC (permalink / raw)
  To: 9front

> Also, how does hjfs avoid this problem?

hjfs enables authentication when you pass the -A flag on the command line.

--
cinap
