[9front] add "-n namespace-file" flag to tftpd

[9front] add "-n namespace-file" flag to tftpd

[Silas McCroskey]

tftpd currently unconditionally sets its namespace via /lib/namespace
(newns("none", nil)), which stymied my attempts to pxe boot the
openbsd installer without creating a real /etc dir on 9front, which
would've been gross.

I tried working around this with -h (and -r for good measure), but
again hit issues because the namespace is rebuilt from scratch -- any
binds of /386, /amd64, /cfg/pxe, etc. into the tftp-specific directory
disappeared from tftpd's namespace and rendered my *9front* boxes
unable to boot. I could maintain copies of the needed files in the
tftp-specific directory, but that'd be kind of a drag.

The following patch adds a -n flag to allow the specification of a
namespace file in place of /lib/namespace; similar to ip/ftpd.

I thought about setting up a /lib/namespace.tftp to act as a default
rather than continuing to use /lib/namespace by default (which
security-wise is about the same as allowing 9p mounts by user none,
which I also have disabled), but I had trouble coming up with a sane
default. Maybe someone more experienced would like to try that out.

- sam-d

---

diff -r 6f8455ea95e6 sys/man/8/dhcpd
--- a/sys/man/8/dhcpd    Sat Jan 23 04:21:08 2021 +0000
+++ b/sys/man/8/dhcpd    Mon Feb 08 06:21:48 2021 +0000
@@ -42,6 +42,8 @@
 .IR homedir ]
 .RB [ -x
 .IR netmtpt ]
+.RB [ -n
+.IR namespace-file ]
 .SH DESCRIPTION
 These programs support booting over the Internet.
 They should all be run on the same server to
@@ -318,6 +320,9 @@
 .B r
 Restricts access to only those files rooted in the
 .IR homedir .
+.TP
+.B n
+Sets the namespace file (default /lib/namespace).
 .PD
 .SH FILES
 .BR /lib/ndb/dhcp "    directory of dynamic address files
diff -r 6f8455ea95e6 sys/src/cmd/ip/tftpd.c
--- a/sys/src/cmd/ip/tftpd.c    Sat Jan 23 04:21:08 2021 +0000
+++ b/sys/src/cmd/ip/tftpd.c    Mon Feb 08 06:21:48 2021 +0000
@@ -93,6 +93,7 @@
 char    *dirsl;
 int    dirsllen;
 char    *homedir = "/";
+char    *nsfile = nil;
 char    flog[] = "ipboot";
 char    net[Maxpath];

@@ -138,6 +139,9 @@
     case 'x':
         setnetmtpt(net, sizeof net, EARGF(usage()));
         break;
+    case 'n':
+        nsfile = EARGF(usage());
+        break;
     default:
         usage();
     }ARGEND
@@ -744,7 +748,7 @@
     if(fd < 0 || write(fd, "none", strlen("none")) < 0)
         sysfatal("can't become none: %r");
     close(fd);
-    if(newns("none", nil) < 0)
+    if(newns("none", nsfile) < 0)
         sysfatal("can't build namespace: %r");
 }

[9front] Re: add "-n namespace-file" flag to tftpd

[Silas McCroskey]

[-- Attachment #1: Type: text/plain, Size: 135 bytes --]

wow, I never realized gmail's plaintext mode suckage extended to
converting tabs to spaces as well. Attaching separately too.

- sam-d

[-- Attachment #2.1: Type: text/plain, Size: 383 bytes --]

from postmaster@1ess:
The following attachment had content that we can't
prove to be harmless.  To avoid possible automatic
execution, we changed the content headers.
The original header was:

	Content-Type: text/x-patch; charset="US-ASCII"; name="tftpd-n.patch"
	Content-Disposition: attachment; filename="tftpd-n.patch"
	Content-Transfer-Encoding: base64
	Content-ID: <f_kkw723og0>

[-- Attachment #2.2: tftpd-n.patch.suspect --]
[-- Type: application/octet-stream, Size: 1284 bytes --]

diff -r 6f8455ea95e6 sys/man/8/dhcpd
--- a/sys/man/8/dhcpd	Sat Jan 23 04:21:08 2021 +0000
+++ b/sys/man/8/dhcpd	Mon Feb 08 06:28:01 2021 +0000
@@ -42,6 +42,8 @@
 .IR homedir ]
 .RB [ -x
 .IR netmtpt ]
+.RB [ -n
+.IR namespace-file ]
 .SH DESCRIPTION
 These programs support booting over the Internet.
 They should all be run on the same server to
@@ -318,6 +320,9 @@
 .B r
 Restricts access to only those files rooted in the
 .IR homedir .
+.TP
+.B n
+Sets the namespace file (default /lib/namespace).
 .PD
 .SH FILES
 .BR /lib/ndb/dhcp "    directory of dynamic address files
diff -r 6f8455ea95e6 sys/src/cmd/ip/tftpd.c
--- a/sys/src/cmd/ip/tftpd.c	Sat Jan 23 04:21:08 2021 +0000
+++ b/sys/src/cmd/ip/tftpd.c	Mon Feb 08 06:28:01 2021 +0000
@@ -93,6 +93,7 @@
 char	*dirsl;
 int	dirsllen;
 char	*homedir = "/";
+char	*nsfile = nil;
 char	flog[] = "ipboot";
 char	net[Maxpath];
 
@@ -138,6 +139,9 @@
 	case 'x':
 		setnetmtpt(net, sizeof net, EARGF(usage()));
 		break;
+	case 'n':
+		nsfile = EARGF(usage());
+		break;
 	default:
 		usage();
 	}ARGEND
@@ -744,7 +748,7 @@
 	if(fd < 0 || write(fd, "none", strlen("none")) < 0)
 		sysfatal("can't become none: %r");
 	close(fd);
-	if(newns("none", nil) < 0)
+	if(newns("none", nsfile) < 0)
 		sysfatal("can't build namespace: %r");
 }
 

Re: [9front] add "-n namespace-file" flag to tftpd

[kvik]

Quoth Silas McCroskey <inkswinc@gmail.com>:
> The following patch adds a -n flag to allow the specification of a
> namespace file in place of /lib/namespace; similar to ip/ftpd.

You could bind your namespace file over /lib/namespace.
Probably something like:

	@{rfork n; bind /lib/namespace.tftpd /lib/namespace; ip/tftpd}

Re: [9front] add "-n namespace-file" flag to tftpd

[hiro]

> You could bind your namespace file over /lib/namespace.

hahahahahahaha how deep is that rabbit hole
this made my day.

On 2/8/21, kvik@a-b.xyz <kvik@a-b.xyz> wrote:
> Quoth Silas McCroskey <inkswinc@gmail.com>:
>> The following patch adds a -n flag to allow the specification of a
>> namespace file in place of /lib/namespace; similar to ip/ftpd.
>
> You could bind your namespace file over /lib/namespace.
> Probably something like:
>
> 	@{rfork n; bind /lib/namespace.tftpd /lib/namespace; ip/tftpd}
>
>