[9front] Re: [9front] Re: [9front] Re: [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication

[Stanley Lieber <sl@stanleylieber.com>]

On January 22, 2021 12:04:35 PM EST, hiro <23hiro@gmail.com> wrote:
>yep, it's very unusual.
>
>out of their view perhaps less so: why did you give the address a
>public ip address if you didn't want the world to access it?
>
>but i agree of course we need a proper guideline now how to secure a
>system at least a minimal extent...
>
>otoh, instead of a guideline, perhaps it's better to change the
>defaults. if all the /rc/bin/service* stuff starts by default, it has
>to be guaranteed that it's safe by default, IMO.
>
>On 1/22/21, Stanley Lieber <sl@stanleylieber.com> wrote:
>> On January 22, 2021 11:07:22 AM EST, hiro <23hiro@gmail.com> wrote:
>>>> they can read any world readable file on the system
>>>
>>>sounds like it works as intended, thus the word world.
>>>
>>>to reject world access without the nonone (which sounds like a hack)
>>>on our default installed fileservers requires some configuration
>>>changes as it clearly isn't the default on unix and never was.
>>>
>>>unless there are cases where you cannot just revoke world access by
>>>changing those permissions on the filesystem, i would say there is no
>>>problem.
>>>
>>>you can never change permissions inside the '#' devices, so there
>>>might be multiple problems hidden there.
>>>
>>>do i understand correctly that #p access is always a problem? it would
>>>be good to make a list.
>>>
>>>On 1/22/21, Stanley Lieber <sl@stanleylieber.com> wrote:
>>>> On January 22, 2021 1:27:48 AM EST, sirjofri
>>>> <sirjofri+ml-9front@sirjofri.de> wrote:
>>>>>Hello sl,
>>>>>
>>>>>22.01.2021 03:39:18 sl@stanleylieber.com:
>>>>>> echo nonone >>/srv/cwfs.cmd
>>>>>
>>>>>Is there some good reason why/when I should do this? How does none
>>>>>authenticate?
>>>>>
>>>>>Does this just disable all anonymous access to the fileserver, like web
>>>>>servers?
>>>>>
>>>>>sirjofri
>>>>>
>>>>
>>>> my understanding is when you enable cwfs network listener user none is
>>>> allowed to attach over the network by default, no authentication
>>>> required.
>>>> this means they can read any world readable file on the system.
>>>>
>>>> as far as i can tell nonone is undocumented, but it's in the source.
>>>> you'd
>>>> want to use nonone at boot time (in cpurc, for example).
>>>>
>>>> i had this in my own cpurc on my ancient cwfs system, iirc it was cinap
>>>> who
>>>> told me to do it. somehow i failed to add this to the fqa until now.
>>>>
>>>> sl
>>>>
>>>
>>
>> the surprise gotcha is that by default anyone at all can attach to your fs
>> without explicit permission. "world readable" is understood to mean anyone
>> on the system. it wasn't expected that the world has access to the system.
>>
>> sl
>>
>

yes. we did disable more listeners than labs had by default. i have no idea why nonone was never changed.

sl