Date: Thu, 21 Jan 2021 18:08:25 -0500
From: Stanley Lieber
To: 9front@9front.org
Subject: Re: [9front] user none: cwfs vs hjfs
References: <154A2B81E5307985989F46BE958ACBAC@eigenstate.org> <84C199F8-15A4-4434-AD56-A35AB5CC6F4A@stanleylieber.com>
Message-ID: <4F292E8D-F13E-4366-B83C-3AD984AFA4AB@stanleylieber.com>

On January 21, 2021 6:00:33 PM EST, Stanley Lieber wrote:
>On January 21, 2021 5:51:02 PM EST, hiro <23hiro@gmail.com> wrote:
>>why do you think running every service as none is a recommended practice?
>>
>>On 1/21/21, Stanley Lieber wrote:
>>> On January 21, 2021 5:01:06 PM EST, hiro <23hiro@gmail.com> wrote:
>>>>otoh not fixing hjfs may break security assumptions.
>>>>
>>>
>>> yes. i think we should fix hjfs. a lot of stuff relies on user none doing
>>> what it does in cwfs. the most important thing is that all file systems behave
>>> the same way.
>>>
>>> that said, relegating user none to world readable files while simultaneously
>>> running basically every service as none makes isolating services, and more
>>> blatantly keeping local users out of service files, difficult if not
>>> impossible.
>>>
>>> i think they got lazy with user none. we need some finer grade control over
>>> user capabilities.
>>>
>>> sl
>>>
>>
>
>upas for one hardcodes switching to user none even if you don't run it as user none.
>
>sl
>

right now, running as user none is the only way to mask proc and other # file system data. it's the default user for the listener, hiro.

sl