From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 20414 invoked from network); 22 Jan 2021 17:31:54 -0000 Received: from 1ess.inri.net (216.126.196.35) by inbox.vuxu.org with ESMTPUTF8; 22 Jan 2021 17:31:54 -0000 Received: from mail-ed1-f53.google.com ([209.85.208.53]) by 1ess; Fri Jan 22 12:04:46 -0500 2021 Received: by mail-ed1-f53.google.com with SMTP id n6so7342932edt.10 for <9front@9front.org>; Fri, 22 Jan 2021 09:04:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=zVZf15DjkdCxbYRYoGSWuaRdd4XpPl8HIO0aAE9pg/M=; b=EyLyo778LPHx96uppfoatsEKg/8WajtYgIi/G09Ha7J2tZHBar2Un7aYGN5BKsD/3A LXABt/w03OmlIeaa4MrjrYkXpKj+DKm91ci1pkCijwb7ogiiDr8G6Rb2OEUQNZc0jkX9 9qFjpAWfAxyDyODERjjKLdAY4GZnuaSvkErmHB9QKzeMEundCCTTOC6xK23gZcSLTrUm rlRzO0bSVt5E5m/I0GywcYprUAfiWk710hnJ3D7TwsldgelV7ld+2j7jYnQvgW5+MigU MFpcLTp+TmE1L8jYjc8VTefGUITJCSksnT8hkoymjmFD6wDkN8UGMFkBiHnN+0D/W0h0 zsZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=zVZf15DjkdCxbYRYoGSWuaRdd4XpPl8HIO0aAE9pg/M=; b=kYZdM49B4cWMdaKvS7LVqLYljNyWlImKuSocjmwvEg015Ys/iGuPZXfliqppP1eJoc X5qqQGJNXD/lweiKuGShllGGN7aCqlRf9admxK59qsYI5lOrxrOMBs2SNEZc+lt3jSSe SF+1A9MbiWIlmG23uBkKOHCYwZ1UGw97y/MplXS1m4a3pK6+Bp/OxNvhtfo1vbzV1oDj cG+XrnWzAb25oOLHWjoqaLm46zsZ8YB05D06MHpbJH9QPkFaV2cPvBN816/Kd0Jr8vEW rUdrlDV4UfcmE1O3CzLZRSADOT59jwoZd3laUr363t/uwyvreBLzVanDeuwosKRB6dh6 jkeg== X-Gm-Message-State: AOAM530OWZc/o9cGKttOuUZudOCvDoEVLRxgxiDa3lzwhZIXrKWzmpX4 xgI6P9DQomds5caZUy4UcZQS/t7iC+EEHlZszodURChSJsg= X-Google-Smtp-Source: ABdhPJwSgki4bBj4g1ZOtpElKq065ra+/ZzQKP/cvwqnKJ1jjo8kmhvUjB8oBSczkynY45jA2VK/ix5/2dgSfiV4LUw= X-Received: by 2002:a05:6402:139a:: with SMTP id b26mr3995278edv.47.1611335075907; Fri, 22 Jan 2021 09:04:35 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a17:906:3f91:0:0:0:0 with HTTP; Fri, 22 Jan 2021 09:04:35 -0800 (PST) In-Reply-To: <77DF150E-1F8B-4D9E-B143-1DAC71BF2915@stanleylieber.com> References: <711bec9a-10ff-485b-a3f6-1f8ece8e9344@sirjofri.de> <51CA2B17-9324-4D5E-957D-7BFB7FDF7892@stanleylieber.com> <77DF150E-1F8B-4D9E-B143-1DAC71BF2915@stanleylieber.com> From: hiro <23hiro@gmail.com> Date: Fri, 22 Jan 2021 18:04:35 +0100 Message-ID: To: 9front@9front.org Content-Type: text/plain; charset="UTF-8" List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: pipelining rails WEB2.0 over TOR STM storage Subject: Re: [9front] Re: [9front] Re: [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication Reply-To: 9front@9front.org Precedence: bulk yep, it's very unusual. out of their view perhaps less so: why did you give the address a public ip address if you didn't want the world to access it? but i agree of course we need a proper guideline now how to secure a system at least a minimal extent... otoh, instead of a guideline, perhaps it's better to change the defaults. if all the /rc/bin/service* stuff starts by default, it has to be guaranteed that it's safe by default, IMO. On 1/22/21, Stanley Lieber wrote: > On January 22, 2021 11:07:22 AM EST, hiro <23hiro@gmail.com> wrote: >>> they can read any world readable file on the system >> >>sounds like it works as intended, thus the word world. >> >>to reject world access without the nonone (which sounds like a hack) >>on our default installed fileservers requires some configuration >>changes as it clearly isn't the default on unix and never was. >> >>unless there are cases where you cannot just revoke world access by >>changing those permissions on the filesystem, i would say there is no >>problem. >> >>you can never change permissions inside the '#' devices, so there >>might be multiple problems hidden there. >> >>do i understand correctly that #p access is always a problem? it would >>be good to make a list. >> >>On 1/22/21, Stanley Lieber wrote: >>> On January 22, 2021 1:27:48 AM EST, sirjofri >>> wrote: >>>>Hello sl, >>>> >>>>22.01.2021 03:39:18 sl@stanleylieber.com: >>>>> echo nonone >>/srv/cwfs.cmd >>>> >>>>Is there some good reason why/when I should do this? How does none >>>>authenticate? >>>> >>>>Does this just disable all anonymous access to the fileserver, like web >>>>servers? >>>> >>>>sirjofri >>>> >>> >>> my understanding is when you enable cwfs network listener user none is >>> allowed to attach over the network by default, no authentication >>> required. >>> this means they can read any world readable file on the system. >>> >>> as far as i can tell nonone is undocumented, but it's in the source. >>> you'd >>> want to use nonone at boot time (in cpurc, for example). >>> >>> i had this in my own cpurc on my ancient cwfs system, iirc it was cinap >>> who >>> told me to do it. somehow i failed to add this to the fqa until now. >>> >>> sl >>> >> > > the surprise gotcha is that by default anyone at all can attach to your fs > without explicit permission. "world readable" is understood to mean anyone > on the system. it wasn't expected that the world has access to the system. > > sl >