9front - general discussion about 9front
From: hiro <23hiro@gmail.com>
To: 9front@9front.org
Subject: Re: [9front] Re: [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication
Date: Fri, 22 Jan 2021 17:07:22 +0100
Message-ID: <CAFSF3XN=vqdLCL00TJddr3aNE+QaFkfpFubDH-WuGC+L2ZayBQ@mail.gmail.com>
In-Reply-To: <51CA2B17-9324-4D5E-957D-7BFB7FDF7892@stanleylieber.com>

> they can read any world readable file on the system

sounds like it works as intended, thus the word world.

to reject world access without the nonone (which sounds like a hack)
on our default installed fileservers requires some configuration
changes as it clearly isn't the default on unix and never was.

unless there are cases where you cannot just revoke world access by
changing those permissions on the filesystem, i would say there is no
problem.

you can never change permissions inside the '#' devices, so there
might be multiple problems hidden there.

do i understand correctly that #p access is always a problem? it would
be good to make a list.

On 1/22/21, Stanley Lieber <sl@stanleylieber.com> wrote:
> On January 22, 2021 1:27:48 AM EST, sirjofri
> <sirjofri+ml-9front@sirjofri.de> wrote:
>>Hello sl,
>>
>>22.01.2021 03:39:18 sl@stanleylieber.com:
>>> echo nonone >>/srv/cwfs.cmd
>>
>>Is there some good reason why/when I should do this? How does none
>>authenticate?
>>
>>Does this just disable all anonymous access to the fileserver, like web
>>servers?
>>
>>sirjofri
>>
>
> my understanding is when you enable cwfs network listener user none is
> allowed to attach over the network by default, no authentication required.
> this means they can read any world readable file on the system.
>
> as far as i can tell nonone is undocumented, but it's in the source. you'd
> want to use nonone at boot time (in cpurc, for example).
>
> i had this in my own cpurc on my ancient cwfs system, iirc it was cinap who
> told me to do it. somehow i failed to add this to the fqa until now.
>
> sl
>
