Release of the 9front operating system 10931, published under the code name "THIS TIME DEFINITELY", is presented. The 9front project has been developing a fork of the distributed operating system Plan 2011, independent of Bell Labs, since 9. Ready-to-use installation assemblies are formed for the i386, x86_64 architectures and Raspberry Pi 1-4 boards. The code is distributed under the MIT license. A musical composition dedicated to the release is available.
The main idea of Plan 9 is to erase the distinction between local and remote resources. The system is a distributed environment based on three basic principles: all resources can be viewed as a hierarchical set of files; there is no distinction in access to local and external resources; each process has its own mutable namespace. The 9P protocol is used to create a single distributed hierarchy of resource files.
The 9front fork is notable for the implementation of additional security mechanisms, expanded hardware support, improved wireless networking, the addition of new file systems, the implementation of a sound subsystem and audio format encoders/decoders, USB support, the creation of the Mothra web browser, the replacement of the bootloader and initialization system, and the use of data encryption on disk, Unicode support, the presence of a real address mode emulator, support for the AMD64 architecture and 64-bit address space.
Significant changes:
- The installer includes a new file system gefs, created specifically for Plan 9, supporting snapshots and optimized for fast file traversal in very large directories. The file system is designed to maintain integrity in the event of failures, such as an emergency power outage, and has self-diagnostic tools that prevent hidden data corruption and the return of incorrect data. At the same time, gefs is fully compatible with the traditional 9p file system, the capabilities of which are recreated using the copy-on-write mode and the Bε-tree structure.
- Dynamic allocation support has been added to the ip and ipconfig utilities. IP addresses via DHCPv6 and handling of prefix expiration for IPv6.
- Fixed vulnerability CVE-2024-8158, caused by an error in the authentication mechanism implemented in the lib9p library. The vulnerability allows a user with an account in the system to impersonate any other user when working with the file system. The vulnerability is caused by the lack of proper mapping of the user name transmitted in 9p messages Tauth and Tattach with the client UID issued after the user has passed authentication. The problem manifests itself in all versions of 9front (the error was made in the Plan 9 code even before the fork was created), but affects only configurations with the hjfs file system (the vulnerability does not manifest itself in systems with the cwfs and gefs FS).
Source: opennet.ru
