From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <9front-bounces@9front.inri.net> X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: ** X-Spam-Status: No, score=3.0 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_SBL_CSS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.4 Received: from 9front.inri.net (9front.inri.net [168.235.81.73]) by inbox.vuxu.org (Postfix) with ESMTP id C40262D193 for ; Sun, 25 Aug 2024 00:20:34 +0200 (CEST) Received: from mail.posixcafe.org ([45.76.19.58]) by 9front; Sat Aug 24 18:18:16 -0400 2024 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=posixcafe.org; s=20200506; t=1724537893; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TFb+HWCq1GqC52njgomAyA8yyFUP4B12U5fglkeRtTo=; b=x5NzqfYvzFFgRHAK6E4nQ8w9OftOQR3AtgekXu/eivptZPMn+rpnWBSgkyX522JyL7cnUG qGpeFzl4ih5aXKahosIuxo/5kPe6cDAviXXiqvLMlbM7Im7y8yVu7QicjkU9VhLLo7YkD+ lnKo1/4CCnr6B31OEvmv72C3AzMqN4k= Received: from [192.168.168.200] ( [207.45.82.38]) by mail.posixcafe.org (OpenSMTPD) with ESMTPSA id 504e9075 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <9front@9front.org>; Sat, 24 Aug 2024 17:18:13 -0500 (CDT) Message-ID: Date: Sat, 24 Aug 2024 17:18:15 -0500 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: 9front@9front.org References: Content-Language: en-US From: Jacob Moody In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: open-source optimized high-performance-oriented locator Subject: Re: [9front] patch your shit Reply-To: 9front@9front.org Precedence: bulk !WARNING! As of the time of this writing (Sat Aug 24 22:17:26 GMT 2024) there is an issue with this patch which causes hjfs to not permit none attaches. This is currently being worked on and I suspect we'll have a solution within the next couple hours but those running a hjfs CPU server may want to avoid updating immediately. I will respond promptly to this thread once this bug has been patched, and I feel it is safe to update these systems. I will provide a further write up once there is a fix for the fix added. - moody On 8/24/24 14:08, hiro wrote: > some people did something that increases security apparently. so patch > your shit. > > ref: 07aa9bfeef55ca987d411115adcfbbd4390ecf34 > parent: b05c74e7cb160f152e2f2cc2f6e0677763f8d57e > author: Jacob Moody > date: Sat Aug 24 12:58:31 EDT 2024 > > lib9p: verify uname against returned AuthInfo from factotum (thanks humm) > > Before this it was possible to Tauth and Tattach with one > user name and then authenticate with factotum using a different > user name. To fix this we now ensure that the uname matches the returned > cuid from AuthInfo. > > This security bug is still pending a cute mascot and theme song. > > > mein name ist hase. bye.