ref: 39347ab47dab6c556bb37ced7526bfcc8de4cf9b
parent: 162ce8d8bbdef0f34ac7f579065f1ea8409218b5
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Wed Feb 24 19:39:41 EST 2016
don't expose secstore secrets in /mnt/term/dev/secstore this feature is too dangerous. i can imagine it being there so a server side factotum can use the drawterms secstore keys that it already loaded, but this makes it just too easy to steal the keys. now we zero the secstorebuf after we extracted the plan9 key from it so no secrets are left behind in drawterms memory after authentication is done.
--- a/cpu.c
+++ b/cpu.c
@@ -637,6 +637,8 @@
u = user;
pass = findkey(&u, tr.authdom, proto);
+ memset(secstorebuf, 0, sizeof(secstorebuf)); /* forget secstore secrets */
+
if(pass == nil)
again:
pass = getkey(u, tr.authdom, proto);
--- a/kern/devcons.c
+++ b/kern/devcons.c
@@ -464,7 +464,6 @@
Qppid,
Qrandom,
Qreboot,
- Qsecstore,
Qshowfile,
Qsnarf,
Qswap,
@@ -498,7 +497,6 @@
"ppid", {Qppid}, NUMSIZE, 0444,
"random", {Qrandom}, 0, 0444,
"reboot", {Qreboot}, 0, 0664,
- "secstore", {Qsecstore}, 0, 0666,
"showfile", {Qshowfile}, 0, 0220,
"snarf", {Qsnarf}, 0, 0666,
"swap", {Qswap}, 0, 0664,
@@ -509,8 +507,6 @@
"zero", {Qzero}, 0, 0444,
};
-char secstorebuf[65536];
-Dirtab *secstoretab = &consdir[Qsecstore];
Dirtab *snarftab = &consdir[Qsnarf];
int
@@ -605,13 +601,6 @@
c->iounit = qiomaxatomic;
break;
- case Qsecstore:
- if(omode == ORDWR)
- error(Eperm);
- if(omode != OREAD)
- memset(secstorebuf, 0, sizeof secstorebuf);
- break;
-
case Qsnarf:
if(omode == ORDWR)
error(Eperm);
@@ -765,9 +754,6 @@
return 0;
return readstr(offset, buf, n, c->aux);
- case Qsecstore:
- return readstr(offset, buf, n, secstorebuf);
-
case Qsysstat:
return 0;
@@ -914,13 +900,6 @@
poperror();
free(cb);
break;
-
- case Qsecstore:
- if(offset >= sizeof secstorebuf || offset+n+1 >= sizeof secstorebuf)
- error(Etoobig);
- secstoretab->qid.vers++;
- memmove(secstorebuf+offset, va, n);
- return n;
case Qshowfile:
return showfilewrite(a, n);
--- a/main.c
+++ b/main.c
@@ -8,6 +8,7 @@
char *argv0;
char *user;
+char secstorebuf[65536];
extern int errfmt(Fmt*);
void