Hacker Public Radio

HPR3686: Followup for HPR3675: Clarifications on the path traversal bug



Followup for HPR3675: Installing a Plan 9 CPU server, Plan 9 web server, clarifications on the path traversal bug, private namespaces to the rescue, web application security models
Installing Plan 9 with libvirt
[root@localhost]# virt-install -n 9pwn \
    --description "pre-patched rc-httpd" \
    --osinfo=unknown \
    --memory=4096 \
    --vcpus=4 \
    --disk path=/var/lib/libvirt/images/9pwn.qcows,bus=virtio,size=10 \
    --graphics spice \
    --cdrom ~/Downloads/9front-8593.acc504c319a4b4188479cfa602e40cb6851c0528.amd64.iso \
    --network bridge=virbr0
[root@localhost]# virt-viewer 9pwn
How I find the IP of my guests and add it to my /etc/hosts for faster access.
[root@localhost]# virsh domiflist 9pwn
Interface Type Source Model MAC
----------------------------------------------------------
vnet3 bridge virbr0 e1000 52:54:00:43:8a:50
[root@localhost]# arp -e | grep 52:54:00:43:8a:50
192.168.122.20 ether 52:54:00:43:8a:50 C virbr0
[root@localhost]# echo 192.168.122.20 cirno >> /etc/hosts
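As an added example (not part of the episode notes), here is the same MAC-to-IP lookup turned into a few shell functions. They run against constructed sample output of virsh domiflist and arp -e rather than the live commands, so they can be tried offline, and the hosts entry is only appended when the name is not already present. The sample strings, the guest name cirno and the function names are assumptions for illustration; only the output shapes follow the notes above.

```shell
#!/bin/sh
# Added example, not from the HPR episode notes: resolve a libvirt guest's
# IP from its MAC and build an /etc/hosts line (address first, then name).

# Constructed sample output, shaped like `virsh domiflist 9pwn`.
DOMIFLIST_SAMPLE='Interface  Type    Source  Model  MAC
----------------------------------------------------------
vnet3      bridge  virbr0  e1000  52:54:00:43:8a:50'

# Constructed sample output, shaped like `arp -e` on the host.
ARP_SAMPLE='192.168.122.20  ether  52:54:00:43:8a:50  C  virbr0
192.168.122.1   ether  52:54:00:00:00:01  C  virbr0'

# guest_mac <domiflist-output>: print the first field that looks like a MAC.
guest_mac() {
    printf '%s\n' "$1" | awk 'length($NF) == 17 && $NF ~ /^[0-9a-fA-F:]*$/ { print $NF; exit }'
}

# mac_to_ip <arp-output> <mac>: print the IP whose ARP entry carries that MAC.
# Incomplete entries have no MAC in field 3, so they never match.
mac_to_ip() {
    printf '%s\n' "$1" | awk -v mac="$2" 'tolower($3) == tolower(mac) { print $1; exit }'
}

# hosts_line <name> <ip>: the line /etc/hosts expects, IP before hostname.
hosts_line() {
    printf '%s %s\n' "$2" "$1"
}

# add_host <hostsfile> <name> <ip>: append only if the name is not already
# mapped in the file. Returns 0 when a line was added, 1 when it was present.
add_host() {
    file=$1; name=$2; ip=$3
    if grep -qE "[[:space:]]$name([[:space:]]|\$)" "$file" 2>/dev/null; then
        return 1
    fi
    hosts_line "$name" "$ip" >> "$file"
}

# Stand-alone demo against the samples and a throwaway hosts file.
demo() {
    mac=$(guest_mac "$DOMIFLIST_SAMPLE")
    ip=$(mac_to_ip "$ARP_SAMPLE" "$mac")
    tmp=$(mktemp)
    add_host "$tmp" cirno "$ip"
    add_host "$tmp" cirno "$ip" || echo "cirno already present, not appended"
    cat "$tmp"
    rm -f "$tmp"
}
```

On a real host you would feed guest_mac the output of virsh domiflist and mac_to_ip the output of arp -e, then point add_host at /etc/hosts; the duplicate check keeps repeated runs from piling up identical entries.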
Proceed as normal with a Plan 9 installation.
Set up CPU server with rc-httpd and werc
I wrote about configuring a CPU server and also mirrored the notes on my 9front web server, which holds a mirror of my Plan 9 related things (using self-signed certs, but it's fine). I've snarfed+pasted it here for the sake of completeness and modified it slightly so that it's more accessible to other people. I've also revised these notes so that they're less broken. I may or may not update them.
I'm using 9front for this. It has more secure authentication protocols for remote connections.
Configuring a CPU server
Add users to file server
Connect to the file server and add a new user called <ExampleUser> who is in the groups sys, adm, and upas:
term% con -C /srv/cwfs.cmd
newuser <ExampleUser>
newuser sys +<ExampleUser>
newuser adm +<ExampleUser>
newuser upas +<ExampleUser>
Reboot and set user=<ExampleUser> when prompted at boot time.
Configure user's environment
This is similar to cp -r /etc/skel /home/<ExampleUser> on a UNIX system.
/sys/lib/newuser
Configure headless booting
Mount the boot partition:
term% 9fs 9fat
Edit the boot config, /n/9fat/plan9.ini:
bootfile=9pc64
nobootprompt=local!/dev/sdC0/fscache
mouseport=ps2
monitor=vesa
vgasize=1024x768x14
user=<ExampleUser>
tiltscreen=none
service=cpu
Add hostowner info to nvram
The hostowner is similar to root, but not quite; in our configuration the hostowner is close to being equivalent to a root user. The user= line in our boot config sets the hostowner.
For automatic booting (i.e. not entering a password at the physical machine every time we power it on), we need to add the hostowner's key to nvram.
term% nvram=/dev/sdF0/nvram auth/wrkey
bad nvram des key
bad authentication id
bad authentication domain
authid: <ExampleUser>
authdom: cirno
secstore key: <pre