[OpenAFS-devel] kuserok() checking UID ownership on afs

Jeffrey Hutzelman jhutz@cmu.edu
Tue, 01 Feb 2005 21:25:14 -0500


On Tuesday, February 01, 2005 05:12:19 PM -0800 Russ Allbery 
<rra@stanford.edu> wrote:

> I've never really understood the purpose served by this sort of ownership
> check on security-related dotfiles.  It seems to me that if an attacker
> can write to the user's home directory, you've already lost, since they
> have control of the user's login files such as .cshrc and can easily
> escalate that to control of the account in a wide variety of different
> ways.

You've been living in an AFS paradise for too long, Russ. :-)
The ability to create files in a user's home directory does not imply the 
ability to edit arbitrary dotfiles.  Nor does the ability to write to 
specific files imply the ability to write to others.

Checks like this are trying to make sure that only the user could have put 
the file's contents there.  Unfortunately, you need filesystem-specific 
knowledge to make such a check.
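
A sketch of the sort of check discussed in this thread, added here as an illustration and not part of the original message or of any Kerberos or OpenAFS code: it decides from the POSIX owner and mode bits alone, which is why it cannot be trusted without knowing how the underlying filesystem actually grants write access. The names `classify_dotfile` and `check_dotfile`, the status codes, and the choice to accept root-owned files are assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Status codes for the hypothetical helpers below. */
enum dotfile_status {
    DOTFILE_OK = 0,
    DOTFILE_OPEN_FAILED,
    DOTFILE_NOT_REGULAR,
    DOTFILE_WRONG_OWNER,
    DOTFILE_WRITABLE_BY_OTHERS
};

/* Decide from POSIX metadata only. This sees nothing of any ACLs or other
 * filesystem-specific access control that may really govern writes. */
enum dotfile_status classify_dotfile(const struct stat *st, uid_t user)
{
    if (!S_ISREG(st->st_mode))
        return DOTFILE_NOT_REGULAR;          /* directory, FIFO, device, ... */
    if (st->st_uid != user && st->st_uid != 0)
        return DOTFILE_WRONG_OWNER;          /* assumption: root is also accepted */
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return DOTFILE_WRITABLE_BY_OTHERS;   /* someone else could edit it */
    return DOTFILE_OK;
}

/* Open first, then fstat() the descriptor, so the object that was checked
 * is the object that is later read (no stat-then-open race). On success
 * the caller reads from *fd_out and closes it. */
enum dotfile_status check_dotfile(const char *path, uid_t user, int *fd_out)
{
    struct stat st;
    enum dotfile_status rc;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);

    if (fd < 0)
        return DOTFILE_OPEN_FAILED;          /* missing, unreadable, or a symlink */
    if (fstat(fd, &st) != 0) {
        close(fd);
        return DOTFILE_OPEN_FAILED;
    }
    rc = classify_dotfile(&st, user);
    if (rc != DOTFILE_OK) {
        close(fd);
        return rc;
    }
    *fd_out = fd;
    return DOTFILE_OK;
}
```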