[OpenAFS-devel] kuserok() checking UID ownership on afs
Jeffrey Hutzelman
jhutz@cmu.edu
Tue, 01 Feb 2005 21:25:14 -0500
On Tuesday, February 01, 2005 05:12:19 PM -0800 Russ Allbery
<rra@stanford.edu> wrote:
> I've never really understood the purpose served by this sort of ownership
> check on security-related dotfiles. It seems to me that if an attacker
> can write to the user's home directory, you've already lost, since they
> have control of the user's login files such as .cshrc and can easily
> escalate that to control of the account in a wide variety of different
> ways.
You've been living in an AFS paradise for too long, Russ. :-)

The ability to create files in a user's home directory does not imply the
ability to edit arbitrary dotfiles. Nor does the ability to write to
specific files imply the ability to write to others.

Checks like this are trying to make sure that only the user could have put
the file's contents there. Unfortunately, you need filesystem-specific
knowledge to make such a check.
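
Added example, not part of the original message and not code from any Kerberos or OpenAFS source: a minimal sketch of the kind of ownership check under discussion, as it would look on a filesystem with plain Unix owner and mode semantics. The names `dotfile_trusted` and `demo` and the temporary file path are hypothetical; on AFS, where access is governed by directory ACLs rather than by these bits, the same test does not establish who could have written the file.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns 1 if `path` is a regular file owned by
 * `uid` and not writable by group or others, 0 otherwise. */
int dotfile_trusted(const char *path, uid_t uid)
{
    struct stat st;
    int ok = 0;
    /* O_NOFOLLOW: refuse a symlink sitting where the dotfile should be. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return 0;
    /* fstat the descriptor that would later be read, so the check and
     * the read refer to the same inode. */
    if (fstat(fd, &st) == 0 &&
        S_ISREG(st.st_mode) &&
        st.st_uid == uid &&
        (st.st_mode & (S_IWGRP | S_IWOTH)) == 0)
        ok = 1;
    close(fd);
    return ok;
}

/* Constructed sample: a temporary file standing in for a dotfile such
 * as ~/.k5login. Returns a bitmask of the expectations that held. */
int demo(void)
{
    char path[] = "/tmp/dotfile-demo-XXXXXX";
    int fd = mkstemp(path);            /* created mode 0600, owned by us */
    int result = 0;
    if (fd < 0)
        return -1;
    if (dotfile_trusted(path, geteuid()))      result |= 1; /* owner matches  */
    if (!dotfile_trusted(path, geteuid() + 1)) result |= 2; /* other owner    */
    fchmod(fd, 0666);
    if (!dotfile_trusted(path, geteuid()))     result |= 4; /* world-writable */
    close(fd);
    unlink(path);
    return result;
}
```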