From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 9635 invoked from network); 18 Dec 2022 19:24:24 -0000 Received: from 9front.inri.net (168.235.81.73) by inbox.vuxu.org with ESMTPUTF8; 18 Dec 2022 19:24:24 -0000 Received: from gaff.inri.net ([168.235.71.243]) by 9front; Sun Dec 18 14:22:36 -0500 2022 Received: from smtpclient.apple ([104.59.85.219]) by gaff; Sun Dec 18 14:22:36 -0500 2022 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Stanley Lieber Mime-Version: 1.0 (1.0) Message-Id: References: In-Reply-To: To: 9front@9front.org Date: Sun, 18 Dec 2022 14:22:25 -0500 X-Mailer: iPhone Mail (20B110) List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: anonymous API Subject: Re: [9front] cwfs footgun Reply-To: 9front@9front.org Precedence: bulk On Dec 18, 2022, at 2:20 PM, hiro <23hiro@gmail.com> wrote: >=20 > =EF=BB=BFcan somebody please elaborate on the risks stemming from "nonone"= ? >=20 > On 12/18/22, cinap_lenrek@felloff.net wrote: >>> will existing installations who were setting nonone via /srv/cwfs.cmd no= w >>> be exposed until >>> they set nonone permanently via the fsconfig console? >>=20 >> yes. >>=20 >> -- >> cinap by default, when cwfs is listening on port 564, anyone can attach as user no= ne. nonone disables it. sl