ref: cce04aa6a0a914939a940521f512fde9cf9b0463
parent: 88815a391196691d071bb9e4586be49073e096d7
author: sl <[email protected]>
date: Mon Jan 25 13:30:50 EST 2021
fqa.ms, fqa7.ms: add 7.3.3.1.1 - notes on user none
--- a/fqa.ms
+++ b/fqa.ms
@@ -973,6 +973,14 @@
7.3.3 - Setting up a listener for network connections
.ihtml a
+.ihtml a <a href="fqa7.html#7.3.3.1">
+7.3.3.1 - Stop cwfs from allowing user none to attach without authentication
+.ihtml a
+
+.ihtml a <a href="fqa7.html#7.3.3.1.1">
+7.3.3.1.1 - notes on user none
+.ihtml a
+
.ihtml a <a href="fqa7.html#7.3.4">
7.3.4 - Mounting a file system from userspace
.ihtml a
--- a/fqa7.ms
+++ b/fqa7.ms
@@ -747,6 +747,84 @@
echo nonone >>/srv/cwfs.cmd
.P2
+.html - <a name="7.3.3.1.1" />
+.ihtml h3 <h3>
+.SH
+7.3.3.1.1 - notes on user none
+.R
+.ihtml h3
+
+.I /sys/src/9/port/chan.c:1321,1335
+
+.P1
+Date: Fri, 22 Jan 2021 15:44:05 -0800
+From: Anthony Martin <[email protected]>
+To: [email protected]
+Subject: [9front] notes on user none
+Reply-To: [email protected]
+
+I remembered investigating the restrictions on user none
+in the past so I went and dug out my notes. They're only
+applicable to fossil and cwfs, though, so someone else
+will have to go through the hjfs code to compare.
+
+The notes are attached below.
+
+Cheers,
+ Anthony
+
+# from /sys/doc/9.ms
+Finally, a special user called none has no password and is always
+allowed to connect; anyone may claim to be none. None has restricted
+permissions; for example, it is not allowed to examine dump files and
+can read only world-readable files.
+
+# from /sys/doc/auth.ms
+Factotum is the only process that needs to create capabilities, so all
+the network servers can run as untrusted users (e.g., Plan 9's none or
+Unix's nobody), which greatly reduces the harm done if a server is
+buggy and is compromised.
+
+
+# kernel
+- documented
+ - anyone can become none with none(8)
+- undocumented
+ - eve can change the owner of proc(3) files to none
+ - none cannot use proc(3) to view or modify the state of other processes
+ - none cannot create shr(3) files on 9front
+
+# cwfs(4) and fossil(4)
+- documented
+ - none cannot authenticate a connection
+ - auth(5) with uname "none" returns Rerror
+ - none can be chaperoned on authenticated connections
+ - attach(5) with afid NOFID sets uname to "none"
+ - none has minimal access permissions (i.e. "world" or "other")
+ - users in the "noworld" group are denied world access permissions
+- undocumented
+ - none cannot be a group leader
+ - wstat(5) is limited
+
+# fossil(4)
+- documented
+ - none cannot attach to an unauthenticated connection
+ - unless the -N flag is given to listen or srv
+ - users not in the "write" group cannot modify the file system
+ - unless the group doesn't exist
+- undocumented
+ - none cannot modify file status information
+ - wstat(5) returns Rerror
+
+# cwfs(4)
+- documented
+ - none *can* attach to an unauthenticated connection
+ - unless the nonone flag is set on 9front (undocumented)
+- undocumented
+ - none cannot attach to the dump file system
+ - attach(5) returns Rerror
+.P2
+
.html - <a name="7.3.4" />
.ihtml h3 <h3>
.SH