Moritz is here. So are Morten and Angelo. We talk about Factotum again and the security concept with the SecStore, and get onto the buffer overflow and Heartbleed.
We keep working our way through the Security in Plan 9 guide. Morten and Moritz played football (Morten won twice). Julian has his printer with him and prints a warning sign ;-).
Among other things, we try to get to the bottom of this passage in “Security in Plan 9”: “This sequence of events has several advantages. First, the actual authentication protocol is implemented using regular reads and writes, not special 9P messages, so they can be processed, forwarded, proxied, and so on by any 9P agent without special arrangement. Second, the business of negotiating the authentication by reading and writing the authentication file can be delegated to an outside agent, in particular factotum; the programs that implement the client and server ends of a 9P conversation need no authentication or cryptographic code. Third, since the authentication protocol is not defined by 9P itself, it is easy to change and can even be negotiated dynamically. Finally, since afd acts like a capability, it can be treated like one: handed to another process to give it special permissions; kept around for later use when authentication is again required; or closed to make sure no other process can use it.”
“3.1. Plan 9 shared key protocol” remains unclear for now.
Next time after the holidays. 27 August.