[OpenAFS-devel] kuserok() checking UID ownership on afs
Russ Allbery
rra@stanford.edu
Tue, 01 Feb 2005 22:28:23 -0800
Ken Raeburn <raeburn@MIT.EDU> writes:
> Generally, only if the user actually logs in, turning control of any
> non-home-directory resources over to whomever has write access to the
> home directory or dotfiles. If I never log in to a system using my AFS
> homedir, and never use my .cshrc file, it doesn't matter if I
> accidentally give you write access to it. You don't get access to my
> email, and you don't get to use my Kerberos credentials or AFS tokens
> (which I may happily be using from a laptop).
Okay, true, but that seems rather unlikely. If you never log in, how did
you manage to accidentally give someone else write access to your home
directory? (And I don't see how changing your .k5login file on a system
you don't log on to gets them access to your credentials or AFS tokens.)
> Accidental world-write access to certain dotfiles while not the
> directory itself (granted, generally not an issue for AFS, with the lack
> of such fine-grained control, unless the dotfiles are symlinks to
> elsewhere).
Oh, I have no problems with checking to be sure that .k5login isn't
word-writable, I just object to checking its ownership. I should have
made that clearer. The file mode checks (and even directory mode checks)
don't cause the same problems that the ownership checks cause.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>