Subject: [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication
From: sl @ 2021-01-22 2:39 UTC
To: 9front

fyi:

    echo nonone >>/srv/cwfs.cmd

sl
Subject: Re: [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication
From: sirjofri @ 2021-01-22 6:27 UTC
To: 9front

Hello sl,

22.01.2021 03:39:18 sl@stanleylieber.com:
> echo nonone >>/srv/cwfs.cmd

Is there some good reason why/when I should do this? How does none authenticate?

Does this just disable all anonymous access to the fileserver, like web servers?

sirjofri
Subject: [9front] Re: [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication
From: Stanley Lieber @ 2021-01-22 15:48 UTC
To: 9front

On January 22, 2021 1:27:48 AM EST, sirjofri <sirjofri+ml-9front@sirjofri.de> wrote:
> Hello sl,
>
> 22.01.2021 03:39:18 sl@stanleylieber.com:
>> echo nonone >>/srv/cwfs.cmd
>
> Is there some good reason why/when I should do this? How does none authenticate?
>
> Does this just disable all anonymous access to the fileserver, like web servers?
>
> sirjofri

my understanding is that when you enable the cwfs network listener, user none is allowed to attach over the network by default, no authentication required. this means they can read any world-readable file on the system.

as far as i can tell nonone is undocumented, but it's in the source. you'd want to use nonone at boot time (in cpurc, for example).

i had this in my own cpurc on my ancient cwfs system; iirc it was cinap who told me to do it. somehow i failed to add this to the fqa until now.

sl
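As an added example (not from the thread, and not 9front's or cwfs's own code), here is a small Python 9P2000 client you can point at your own file server to confirm that nonone took effect: it sends Tversion, then a Tattach with uname "none" and afid NOFID, which is what an unauthenticated attach looks like on the wire, and reports whether the server answered Rattach or Rerror. Port 564 (the 9fs port), the fid/tag values and the error text in the sample replies are assumptions; the sample replies are constructed inline so the framing and classification logic runs offline.

```python
import socket
import struct
NOFID, NOTAG = 0xFFFFFFFF, 0xFFFF
TVERSION, TATTACH, RATTACH, RERROR = 100, 104, 105, 107

def p9str(s):
    b = s.encode()                       # 9P string: len[2] then UTF-8 bytes
    return struct.pack("<H", len(b)) + b

def tmsg(mtype, tag, body):
    """Frame one 9P2000 message: size[4] type[1] tag[2] body, all little-endian."""
    return struct.pack("<IBH", 7 + len(body), mtype, tag) + body

def tversion(msize=8192):
    return tmsg(TVERSION, NOTAG, struct.pack("<I", msize) + p9str("9P2000"))

def tattach_none(fid=0, aname=""):
    # afid = NOFID with uname "none": the unauthenticated attach cwfs accepts by default
    return tmsg(TATTACH, 1, struct.pack("<II", fid, NOFID) + p9str("none") + p9str(aname))

def parse_reply(buf):
    """Split one R-message into (type, tag, body); reject short or mis-sized frames."""
    if len(buf) < 7 or struct.unpack("<I", buf[:4])[0] != len(buf):
        raise ValueError("short or mis-sized 9P frame")
    mtype, tag = struct.unpack("<BH", buf[4:7])
    return mtype, tag, buf[7:]

def classify_attach_reply(buf):
    """Rattach means none got in; Rerror carries the server's refusal text."""
    mtype, _, body = parse_reply(buf)
    if mtype == RATTACH:
        return "attach-allowed"
    if mtype == RERROR:
        n = struct.unpack("<H", body[:2])[0]
        return "attach-refused: " + body[2:2 + n].decode(errors="replace")
    raise ValueError("unexpected reply type %d" % mtype)

def recv_msg(sock):
    hdr = sock.recv(4, socket.MSG_WAITALL)  # size field first, then the rest of the frame
    return hdr + sock.recv(struct.unpack("<I", hdr)[0] - 4, socket.MSG_WAITALL)

def check_none_attach(host, port=564, aname=""):   # 564 = 9fs port (assumption)
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(tversion())
        parse_reply(recv_msg(s))             # Rversion; its contents are not needed here
        s.sendall(tattach_none(aname=aname))
        return classify_attach_reply(recv_msg(s))

# Constructed sample replies (not captured from a real cwfs) so the parser runs offline.
SAMPLE_REFUSED = b"\x1a\x00\x00\x00\x6b\x01\x00\x11\x00permission denied"
SAMPLE_ALLOWED = b"\x14\x00\x00\x00\x69\x01\x00" + b"\x00" * 13   # Rattach with a zero qid
```

After adding nonone, `check_none_attach("yourfs")` should return an "attach-refused" string; "attach-allowed" means user none can still read every world-readable file over the network.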
Subject: Re: [9front] Re: [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication
From: hiro @ 2021-01-22 16:07 UTC
To: 9front

> they can read any world readable file on the system

sounds like it works as intended, thus the word world.

to reject world access without the nonone (which sounds like a hack) on our default installed fileservers requires some configuration changes, as it clearly isn't the default on unix and never was.

unless there are cases where you cannot just revoke world access by changing those permissions on the filesystem, i would say there is no problem.

you can never change permissions inside the '#' devices, so there might be multiple problems hidden there.

do i understand correctly that #p access is always a problem? it would be good to make a list.

On 1/22/21, Stanley Lieber <sl@stanleylieber.com> wrote:
> my understanding is when you enable cwfs network listener user none is
> allowed to attach over the network by default, no authentication required.
> this means they can read any world readable file on the system.
>
> as far as i can tell nonone is undocumented, but it's in the source. you'd
> want to use nonone at boot time (in cpurc, for example).
>
> i had this in my own cpurc on my ancient cwfs system, iirc it was cinap who
> told me to do it. somehow i failed to add this to the fqa until now.
>
> sl
Subject: [9front] Re: [9front] Re: [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication
From: Stanley Lieber @ 2021-01-22 16:34 UTC
To: 9front

On January 22, 2021 11:07:22 AM EST, hiro <23hiro@gmail.com> wrote:
>> they can read any world readable file on the system
>
> sounds like it works as intended, thus the word world.
>
> to reject world access without the nonone (which sounds like a hack)
> on our default installed fileservers requires some configuration
> changes as it clearly isn't the default on unix and never was.
>
> unless there are cases where you cannot just revoke world access by
> changing those permissions on the filesystem, i would say there is no
> problem.
>
> you can never change permissions inside the '#' devices, so there
> might be multiple problems hidden there.
>
> do i understand correctly that #p access is always a problem? it would
> be good to make a list.

the surprise gotcha is that by default anyone at all can attach to your fs without explicit permission. "world readable" is understood to mean anyone on the system. it wasn't expected that the world has access to the system.

sl
Subject: Re: [9front] Re: [9front] Re: [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication
From: hiro @ 2021-01-22 17:04 UTC
To: 9front

yep, it's very unusual.

out of their view perhaps less so: why did you give the address a public ip address if you didn't want the world to access it?

but i agree of course we need a proper guideline now on how to secure a system to at least a minimal extent...

otoh, instead of a guideline, perhaps it's better to change the defaults. if all the /rc/bin/service* stuff starts by default, it has to be guaranteed that it's safe by default, IMO.

On 1/22/21, Stanley Lieber <sl@stanleylieber.com> wrote:
> the surprise gotcha is that by default anyone at all can attach to your fs
> without explicit permission. "world readable" is understood to mean anyone
> on the system. it wasn't expected that the world has access to the system.
>
> sl
Subject: [9front] Re: [9front] Re: [9front] Re: [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication
From: Stanley Lieber @ 2021-01-22 18:19 UTC
To: 9front

On January 22, 2021 12:04:35 PM EST, hiro <23hiro@gmail.com> wrote:
> yep, it's very unusual.
>
> out of their view perhaps less so: why did you give the address a
> public ip address if you didn't want the world to access it?
>
> but i agree of course we need a proper guideline now how to secure a
> system at least a minimal extent...
>
> otoh, instead of a guideline, perhaps it's better to change the
> defaults. if all the /rc/bin/service* stuff starts by default, it has
> to be guaranteed that it's safe by default, IMO.

yes. we did disable more listeners than labs had by default. i have no idea why nonone was never changed.

sl
Thread overview: 7 messages
  2021-01-22  2:39 [9front] fqa 7.3.3.1 - Stop cwfs from allowing user none to attach without authentication  sl
  2021-01-22  6:27 ` sirjofri
  2021-01-22 15:48 ` Stanley Lieber
  2021-01-22 16:07 ` hiro
  2021-01-22 16:34 ` Stanley Lieber
  2021-01-22 17:04 ` hiro
  2021-01-22 18:19 ` Stanley Lieber