From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <9front-bounces@9front.inri.net>
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
Received: from 9front.inri.net (9front.inri.net [168.235.81.73])
	by inbox.vuxu.org (Postfix) with ESMTP id BD68B2CAFB
	for <ml@inbox.vuxu.org>; Sat, 24 Aug 2024 22:16:51 +0200 (CEST)
Received: from srv1.howhill.co.uk ([85.95.36.12]) by 9front; Sat Aug 24 16:15:04 -0400 2024
Received: from [192.168.1.223] (Ellychnia-corrusca.howhill.co.uk [192.168.1.223])
	(Authenticated sender: willow)
	by srv1.howhill.co.uk (Postfix) with ESMTPSA id 20C6D1AA78
	for <9front@9front.org>; Sat, 24 Aug 2024 21:15:02 +0100 (BST)
DKIM-Filter: OpenDKIM Filter v2.11.0 srv1.howhill.co.uk 20C6D1AA78
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=howhill.com;
	s=default; t=1724530502;
	bh=qrH815msPWlbOOyznbObQKWDLj1gD6h43rU/4yh7FfM=;
	h=Date:Subject:To:References:From:In-Reply-To:From;
	b=nIWP7U+QBkQxqED1RjUOUdETi6bIEtk1PSvBi/NwRCeBiPQiVOKHuAcUM6OtTLt+L
	 Fqcn+tduHLs72za+uurEzvp9UG+RaOxhcjCZ0MKszjDEL9ZarnfMbH0Y+2/6Ugk0mI
	 xWItUGESgcLUlpqLMXRS1VRAA4KPIuM3xl8fAiLS9ps7IEJWH+vj5zVtmWUklTqeiK
	 dpfO9xp2Jt6A7SHhS1SVbfLHmGBTgng9Ssh8HLZA1/Bn6/rSXqRMJxqMDREriz0tlC
	 IY5otxHVTbECZrVpvsDMiK6YNFGYpAyRYcSE8dtY0OAdVwlqSj2fWseTcdlKRNP+en
	 BbF3sqz18UFLQ==
Message-ID: <ae214b59-24be-41f5-b68a-75ddd54f185b@howhill.com>
Date: Sat, 24 Aug 2024 21:15:01 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: 9front@9front.org
References: <CAFSF3XO6BLKzBX1RgPYaxPSXF9NgNmTCm3XDWLiF1+KEi__=nQ@mail.gmail.com>
Content-Language: en-GB
From: Willow Liquorice <willow@howhill.com>
In-Reply-To: <CAFSF3XO6BLKzBX1RgPYaxPSXF9NgNmTCm3XDWLiF1+KEi__=nQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spamd-Result: default: False [-3.73 / 20.00];
	BAYES_HAM(-2.99)[99.94%];
	GENERIC_REPUTATION(-0.65)[-0.65347851040264];
	MIME_GOOD(-0.10)[text/plain];
	XM_UA_NO_VERSION(0.01)[];
	RCVD_COUNT_ZERO(0.00)[0];
	MIME_TRACE(0.00)[0:+];
	FROM_EQ_ENVFROM(0.00)[];
	FROM_HAS_DN(0.00)[];
	DBL_FAIL(0.00)[Ellychnia-corrusca.howhill.co.uk:server fail];
	TO_DN_NONE(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	RCPT_COUNT_ONE(0.00)[1]
X-Rspamd-Queue-Id: 20C6D1AA78
X-Rspamd-Server: srv1.howhill.co.uk
List-ID: <9front.9front.org>
List-Help: <http://lists.9front.org>
X-Glyph: ➈
X-Bullshit: immutable object-oriented singleton hypervisor software 
Subject: Re: [9front] patch your shit
Reply-To: 9front@9front.org
Precedence: bulk

e https://9front.org/
/Only three remote holes in the default install, in a heck of a long time!/
s/three/four
w https://9front.org/

	- Willow

On 24/08/2024 20:08, hiro wrote:
> some people did something that increases security apparently. so patch
> your shit.
> 
> ref: 07aa9bfeef55ca987d411115adcfbbd4390ecf34
> parent: b05c74e7cb160f152e2f2cc2f6e0677763f8d57e
> author: Jacob Moody <moody@posixcafe.org>
> date: Sat Aug 24 12:58:31 EDT 2024
> 
> lib9p: verify uname against returned AuthInfo from factotum (thanks humm)
> 
> Before this it was possible to Tauth and Tattach with one
> user name and then authenticate with factotum using a different
> user name. To fix this we now ensure that the uname matches the returned
> cuid from AuthInfo.
> 
> This security bug is still pending a cute mascot and theme song.
> 
> 
> mein name ist hase. bye.