[OpenAFS-devel] kuserok() checking UID ownership on afs

Russ Allbery rra@stanford.edu
Wed, 02 Feb 2005 17:01:09 -0800


Jeffrey Hutzelman <jhutz@cmu.edu> writes:

> You've been living in an AFS paradise for too long, Russ. :-) The
> ability to create files in a user's home directory does not imply the
> ability to edit arbitrary dotfiles.

I know that, but it usually doesn't matter.  Do you have every single
dotfile that your shell looks at created in your home directory?  I know
that I don't have a .tcshrc.

Creating arbitrary files is functionally equivalent to being able to edit
dotfiles for most user configurations and shell behavior.

> Nor does the ability to write to specific files imply the ability to
> write to others.

This argument, while true, doesn't support ownership checks.

> Checks like this are trying to make sure that only the user could have
> put the file's contents there.

I think we all know what the check is for.  :)  I don't believe anyone can
actually explain the threat model that the ownership check is protecting
against.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>