9fans archive / 1998 / 05 / 5 /    prev next

From: miller@ham... miller@ham...
Subject: [9fans] more secure kfs
Date: Sat, 2 May 1998 10:48:14 BST

Kenji Arisawa <arisawa@aic...> asks:

> Does anyone has a patch to kfs that enables more secure kfs?
> 
> I would like to prohibit some kfs commands by the user who is
> not the owner of /dev/hd0*

It's simple to prohibit *all* kfs commands except from hostowner,
by changing main.c as shown below.  A filter program could then
be started from cpurc to accept commands on another /srv file
and pass the safe ones (sync?) to /srv.kfs [left as an exercise
for the reader].

==========================================
diff /sys/src/cmd/disk/kfs/main.c main.c
11c11
< int	srvfd(char*, int);
---
> int     srvfd(char*, int, int);
296c296
< 	srvfd(buf, p[0]);
---
> 	srvfd(buf, p[0], 0600);
398c398
< 	srvfd(buf, sfd);
---
> 	srvfd(buf, sfd, 0666);
412c412
< srvfd(char *s, int sfd)
---
> srvfd(char *s, int sfd, int perm)
417c417
< 	fd = create(s, OWRITE, 0666);
---
> 	fd = create(s, OWRITE, perm);
420c420
< 		fd = create(s, OWRITE, 0666);
---
> 		fd = create(s, OWRITE, perm);
==========================================

-- Richard Miller