9front - general discussion about 9front
* [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication
From: sl @ 2021-01-22  2:39 UTC (permalink / raw)
  To: 9front

fyi:

echo nonone >>/srv/cwfs.cmd

sl


* Re: [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication
From: sirjofri @ 2021-01-22  6:27 UTC (permalink / raw)
  To: 9front

Hello sl,

22.01.2021 03:39:18 sl@stanleylieber.com:
> echo nonone >>/srv/cwfs.cmd

Is there some good reason why/when I should do this? How does none 
authenticate?

Does this just disable all anonymous access to the fileserver, like web 
servers?

sirjofri


* [9front] Re: [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication
From: Stanley Lieber @ 2021-01-22 15:48 UTC (permalink / raw)
  To: 9front

On January 22, 2021 1:27:48 AM EST, sirjofri <sirjofri+ml-9front@sirjofri.de> wrote:
>Hello sl,
>
>22.01.2021 03:39:18 sl@stanleylieber.com:
>> echo nonone >>/srv/cwfs.cmd
>
>Is there some good reason why/when I should do this? How does none 
>authenticate?
>
>Does this just disable all anonymous access to the fileserver, like web 
>servers?
>
>sirjofri
>

my understanding is that when you enable the cwfs network listener, user none is allowed to attach over the network by default, no authentication required. this means they can read any world-readable file on the system.

as far as i can tell nonone is undocumented, but it's in the source. you'd want to use nonone at boot time (in cpurc, for example).

i had this in my own cpurc on my ancient cwfs system; iirc it was cinap who told me to do it. somehow i failed to add this to the fqa until now.

sl

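A way to check from outside whether a file server still accepts the unauthenticated attach described in the message above, before and after adding nonone to cpurc. This is an added example, not cwfs or 9front code: a small Python 9P2000 client that negotiates a version and then sends Tattach with uname none and afid set to NOFID, i.e. with no Tauth exchange at all. A server that answers Rattach is open to anyone who can reach the port; one that answers Rerror refuses. The FakeServer class, the default port 564 (the registered 9P port) and the refusal string "authentication required" are assumptions made so the probe can run offline; cwfs's actual error wording is not on this page.

```python
"""Probe whether a 9P2000 file server accepts Tattach as uname "none" with
afid=NOFID (no authentication).  Added example, not cwfs/9front code; message
layouts follow intro(5), version(5) and attach(5).  The FakeServer refusal
text is constructed, not cwfs's real wording."""
import socket
import struct

NOTAG, NOFID = 0xFFFF, 0xFFFFFFFF
TVERSION, RVERSION, TATTACH, RATTACH, RERROR = 100, 101, 104, 105, 107
QID_LEN = 13  # qid = type[1] vers[4] path[8]

def _s(b: bytes) -> bytes:
    """9P string: len[2] data[len]."""
    return struct.pack("<H", len(b)) + b

def _msg(mtype: int, tag: int, body: bytes) -> bytes:
    """Frame: size[4] type[1] tag[2] body; size counts itself."""
    return struct.pack("<IBH", 7 + len(body), mtype, tag) + body

def tversion(msize: int = 8192, version: bytes = b"9P2000") -> bytes:
    return _msg(TVERSION, NOTAG, struct.pack("<I", msize) + _s(version))

def tattach(fid: int, afid: int, uname: bytes, aname: bytes, tag: int = 1) -> bytes:
    return _msg(TATTACH, tag, struct.pack("<II", fid, afid) + _s(uname) + _s(aname))

def parse(frame: bytes):
    """Split one framed message into (type, tag, body), checking the size field."""
    if len(frame) < 7:
        raise ValueError("short 9P frame")
    size, mtype, tag = struct.unpack("<IBH", frame[:7])
    if size != len(frame):
        raise ValueError(f"size field {size} != frame length {len(frame)}")
    return mtype, tag, frame[7:]

def parse_string(body: bytes, off: int = 0):
    (n,) = struct.unpack_from("<H", body, off)
    return body[off + 2:off + 2 + n], off + 2 + n

def read_frame(recv) -> bytes:
    """Read exactly one message from a recv(n) -> bytes callable."""
    buf, need = b"", 4
    while len(buf) < need:
        chunk = recv(need - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
        if len(buf) == 4:                       # size field complete
            (need,) = struct.unpack("<I", buf)
    return buf

def probe_none_attach(send, recv, aname: bytes = b""):
    """Tversion, then Tattach as "none" with afid=NOFID (no Tauth).  Returns
    ("open", "") on Rattach, ("refused", ename) on Rerror, else ("unexpected", why)."""
    send(tversion())
    mtype, tag, body = parse(read_frame(recv))
    if mtype != RVERSION or tag != NOTAG:
        return "unexpected", f"type {mtype} tag {tag} in reply to Tversion"
    ver, _ = parse_string(body, 4)              # skip msize[4]
    if not ver.startswith(b"9P2000"):
        return "unexpected", f"version {ver!r}"
    send(tattach(fid=0, afid=NOFID, uname=b"none", aname=aname, tag=1))
    mtype, tag, body = parse(read_frame(recv))
    if tag != 1:
        return "unexpected", f"tag {tag} in reply to Tattach"
    if mtype == RATTACH and len(body) == QID_LEN:
        return "open", ""                       # anonymous attach accepted
    if mtype == RERROR:
        return "refused", parse_string(body)[0].decode(errors="replace")
    return "unexpected", f"type {mtype} in reply to Tattach"

def probe_host(host: str, port: int = 564, timeout: float = 5.0):
    """Run the probe over TCP (564 is the registered 9P port; assumption)."""
    with socket.create_connection((host, port), timeout=timeout) as sk:
        return probe_none_attach(sk.sendall, sk.recv)

class FakeServer:
    """Constructed in-memory peer so the probe runs offline."""
    def __init__(self, allow_none: bool):
        self.allow_none, self.outbox = allow_none, b""

    def send(self, data: bytes) -> None:
        mtype, tag, body = parse(data)
        if mtype == TVERSION:
            self.outbox += _msg(RVERSION, tag, body)      # echo msize+version
        elif mtype == TATTACH:
            _fid, afid = struct.unpack_from("<II", body)
            uname, _ = parse_string(body, 8)
            if uname == b"none" and afid == NOFID and not self.allow_none:
                self.outbox += _msg(RERROR, tag, _s(b"authentication required"))  # constructed
            else:
                self.outbox += _msg(RATTACH, tag, bytes(QID_LEN))

    def recv(self, n: int) -> bytes:
        out, self.outbox = self.outbox[:n], self.outbox[n:]
        return out

if __name__ == "__main__":
    import sys
    print(probe_host(sys.argv[1]) if len(sys.argv) > 1 else "usage: probe.py host")
```

An "open" result means the listener still honours unauthenticated attaches as none, so the nonone command either was not issued or did not survive a restart; a "refused" result shows only that the anonymous attach is rejected, not that the files reachable by authenticated users are correctly permissioned.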

* Re: [9front] Re: [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication
From: hiro @ 2021-01-22 16:07 UTC (permalink / raw)
  To: 9front

> they can read any world readable file on the system

sounds like it works as intended, thus the word world.

to reject world access without the nonone (which sounds like a hack)
on our default-installed fileservers requires some configuration
changes, as it clearly isn't the default on unix and never was.

unless there are cases where you cannot just revoke world access by
changing those permissions on the filesystem, i would say there is no
problem.

you can never change permissions inside the '#' devices, so there
might be multiple problems hidden there.

do i understand correctly that #p access is always a problem? it would
be good to make a list.


* [9front] Re: [9front] Re: [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication
From: Stanley Lieber @ 2021-01-22 16:34 UTC (permalink / raw)
  To: 9front

the surprise gotcha is that by default anyone at all can attach to your fs without explicit permission. "world-readable" is understood to mean anyone on the system. it wasn't expected that the world has access to the system.

sl


* Re: [9front] Re: [9front] Re: [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication
From: hiro @ 2021-01-22 17:04 UTC (permalink / raw)
  To: 9front

yep, it's very unusual.

out of their view perhaps less so: why did you give the address a
public ip address if you didn't want the world to access it?

but i agree of course we need a proper guideline now on how to secure a
system to at least a minimal extent...

otoh, instead of a guideline, perhaps it's better to change the
defaults. if all the /rc/bin/service* stuff starts by default, it has
to be guaranteed that it's safe by default, IMO.



* [9front] Re: [9front] Re: [9front] Re: [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication
From: Stanley Lieber @ 2021-01-22 18:19 UTC (permalink / raw)
  To: 9front


yes. we did disable more listeners than labs had by default. i have no idea why nonone was never changed.

sl

