shithub: drawterm

Download patch

ref: 39347ab47dab6c556bb37ced7526bfcc8de4cf9b
parent: 162ce8d8bbdef0f34ac7f579065f1ea8409218b5
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Wed Feb 24 18:39:41 EST 2016

don't expose secstore secrets in /mnt/term/dev/secstore

this feature is too dangerous. i can imagine it being there
so a server side factotum can use the drawterms secstore
keys that it already loaded, but this makes it just too easy
to steal the keys.

now we zero the secstorebuf after we extracted the plan9
key from it so no secrets are left behind in drawterms
memory after authentication is done.

--- a/cpu.c	Wed Feb 24 18:30:51 2016
+++ b/cpu.c	Wed Feb 24 18:39:41 2016
@@ -637,6 +637,8 @@
 
 	u = user;
 	pass = findkey(&u, tr.authdom, proto);
+	memset(secstorebuf, 0, sizeof(secstorebuf));	/* forget secstore secrets */
+
 	if(pass == nil)
 	again:
 		pass = getkey(u, tr.authdom, proto);
--- a/kern/devcons.c	Wed Feb 24 18:30:51 2016
+++ b/kern/devcons.c	Wed Feb 24 18:39:41 2016
@@ -464,7 +464,6 @@
 	Qppid,
 	Qrandom,
 	Qreboot,
-	Qsecstore,
 	Qshowfile,
 	Qsnarf,
 	Qswap,
@@ -498,7 +497,6 @@
 	"ppid",		{Qppid},	NUMSIZE,	0444,
 	"random",	{Qrandom},	0,		0444,
 	"reboot",	{Qreboot},	0,		0664,
-	"secstore",	{Qsecstore},	0,		0666,
 	"showfile",	{Qshowfile},	0,	0220,
 	"snarf",	{Qsnarf},		0,		0666,
 	"swap",		{Qswap},	0,		0664,
@@ -509,8 +507,6 @@
 	"zero",		{Qzero},	0,		0444,
 };
 
-char secstorebuf[65536];
-Dirtab *secstoretab = &consdir[Qsecstore];
 Dirtab *snarftab = &consdir[Qsnarf];
 
 int
@@ -605,13 +601,6 @@
 		c->iounit = qiomaxatomic;
 		break;
 
-	case Qsecstore:
-		if(omode == ORDWR)
-			error(Eperm);
-		if(omode != OREAD)
-			memset(secstorebuf, 0, sizeof secstorebuf);
-		break;
-
 	case Qsnarf:
 		if(omode == ORDWR)
 			error(Eperm);
@@ -765,9 +754,6 @@
 			return 0;
 		return readstr(offset, buf, n, c->aux);
 
-	case Qsecstore:
-		return readstr(offset, buf, n, secstorebuf);
-
 	case Qsysstat:
 		return 0;
 
@@ -914,13 +900,6 @@
 		poperror();
 		free(cb);
 		break;
-
-	case Qsecstore:
-		if(offset >= sizeof secstorebuf || offset+n+1 >= sizeof secstorebuf)
-			error(Etoobig);
-		secstoretab->qid.vers++;
-		memmove(secstorebuf+offset, va, n);
-		return n;
 
 	case Qshowfile:
 		return showfilewrite(a, n);
--- a/main.c	Wed Feb 24 18:30:51 2016
+++ b/main.c	Wed Feb 24 18:39:41 2016
@@ -8,6 +8,7 @@
 
 char *argv0;
 char *user;
+char secstorebuf[65536];
 
 extern int errfmt(Fmt*);
 void