[OpenAFS-devel] kuserok() checking UID ownership on afs
Russ Allbery
rra@stanford.edu
Wed, 02 Feb 2005 17:01:09 -0800
Jeffrey Hutzelman <jhutz@cmu.edu> writes:
> You've been living in an AFS paradise for too long, Russ. :-) The
> ability to create files in a user's home directory does not imply the
> ability to edit arbitrary dotfiles.
I know that, but it usually doesn't matter. Do you have every single
dotfile that your shell looks at created in your home directory? I know
that I don't have a .tcshrc.
Creating arbitrary files is functionaly equivalent to being able to edit
dotfiles for most user configurations and shell behavior.
> Nor does the ability to write to specific files imply the ability to
> write to others.
This argument, while true, doesn't support ownership checks.
> Checks like this are trying to make sure that only the user could have
> put the file's contents there.
I think we all know what the check is for. :) I don't believe anyone can
actually explain the threat model that the ownership check is protecting
against.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>