9front - general discussion about 9front
From: hiro <23hiro@gmail.com>
To: 9front@9front.org
Subject: Re: [9front] Re: [9front] Re: [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication
Date: Fri, 22 Jan 2021 18:04:35 +0100	[thread overview]
Message-ID: <CAFSF3XMck39NruPksS_aeR83cU2vQGbFAZh6-bqBQs5awmYtjQ@mail.gmail.com> (raw)
In-Reply-To: <77DF150E-1F8B-4D9E-B143-1DAC71BF2915@stanleylieber.com>

yep, it's very unusual.

out of their view perhaps less so: why did you give the address a
public ip address if you didn't want the world to access it?

but i agree of course we need a proper guideline now how to secure a
system at least a minimal extent...

otoh, instead of a guideline, perhaps it's better to change the
defaults. if all the /rc/bin/service* stuff starts by default, it has
to be guaranteed that it's safe by default, IMO.

On 1/22/21, Stanley Lieber <sl@stanleylieber.com> wrote:
> On January 22, 2021 11:07:22 AM EST, hiro <23hiro@gmail.com> wrote:
>>> they can read any world readable file on the system
>>
>>sounds like it works as intended, thus the word world.
>>
>>to reject world access without the nonone (which sounds like a hack)
>>on our default installed fileservers requires some configuration
>>changes as it clearly isn't the default on unix and never was.
>>
>>unless there are cases where you cannot just revoke world access by
>>changing those permissions on the filesystem, i would say there is no
>>problem.
>>
>>you can never change permissions inside the '#' devices, so there
>>might be multiple problems hidden there.
>>
>>do i understand correctly that #p access is always a problem? it would
>>be good to make a list.
>>
>>On 1/22/21, Stanley Lieber <sl@stanleylieber.com> wrote:
>>> On January 22, 2021 1:27:48 AM EST, sirjofri
>>> <sirjofri+ml-9front@sirjofri.de> wrote:
>>>>Hello sl,
>>>>
>>>>22.01.2021 03:39:18 sl@stanleylieber.com:
>>>>> echo nonone >>/srv/cwfs.cmd
>>>>
>>>>Is there some good reason why/when I should do this? How does none
>>>>authenticate?
>>>>
>>>>Does this just disable all anonymous access to the fileserver, like web
>>>>servers?
>>>>
>>>>sirjofri
>>>>
>>>
>>> my understanding is when you enable cwfs network listener user none is
>>> allowed to attach over the network by default, no authentication
>>> required.
>>> this means they can read any world readable file on the system.
>>>
>>> as far as i can tell nonone is undocumented, but it's in the source.
>>> you'd
>>> want to use nonone at boot time (in cpurc, for example).
>>>
>>> i had this in my own cpurc on my ancient cwfs system, iirc it was cinap
>>> who
>>> told me to do it. somehow i failed to add this to the fqa until now.
>>>
>>> sl
>>>
>>
>
> the surprise gotcha is that by default anyone at all can attach to your fs
> without explicit permission. "world readable" is understood to mean anyone
> on the system. it wasn't expected that the world has access to the system.
>
> sl
>


Thread overview: 7+ messages
2021-01-22  2:39 sl
2021-01-22  6:27 ` sirjofri
2021-01-22 15:48   ` [9front] " Stanley Lieber
2021-01-22 16:07     ` hiro
2021-01-22 16:34       ` [9front] " Stanley Lieber
2021-01-22 17:04         ` hiro [this message]
2021-01-22 18:19           ` [9front] " Stanley Lieber
