[OpenAFS] bos getlog
Charles Clancy
mgrtcc@cs.rose-hulman.edu
Sat, 21 Jul 2001 13:17:07 -0500
> > Couldn't we limit the files it grabs to those in /usr/afs/logs?
> > I'm just thinking of possible attack scenarios:
> 4 is pointless if you have 3; just use bos exec.
I never noticed "bos exec". Wow.
In order to create volumes, you have to be in the bos superusers,
correct? It seems to me there should be a distinction between someone
able to administer volumes and someone able to remotely run commands as
root on the AFS server.
_________________________________________
Charles Clancy, mgrtcc@cs.rose-hulman.edu
sysadmin emeritus - RHIT Computer Science