[OpenAFS] keeping openafs from breaking group security
Matthew Miller
mattdm@mattdm.org
Sun, 6 Feb 2005 11:40:07 -0500
I know I've said this before, but it was broken for a while, and now that
it's back, I wanted to agitate about it a bit, because it's a real problem.

1. Look in password file to find the group id of a professor or
   administrator or smart kid with papers you want to steal. Say,
   44490. Username of "victim".

2. Run 'pagsh', and get something like this:

     $ id
     uid=18281(mattdm) gid=18281(mattdm)
     groups=33550,44480,10(wheel),501(bulinux),502(aptgen),18281(mattdm)

3. Hmmm. Not good enough. Let's try exiting pagsh and running it again.
   Now we get:

     $ id
     uid=18281(mattdm) gid=18281(mattdm)
     groups=33550,44481,10(wheel),501(bulinux),502(aptgen),18281(mattdm)

4. Cool -- getting closer. Run it, oh, say, 9 more times, and:

     $ id
     uid=18281(mattdm) gid=18281(mattdm)
     groups=33550,44490(victim),10(wheel),501(bulinux),502(aptgen),18281(mattdm)

5. Tada! I'm a member of someone else's group.

OpenAFS has no business breaking normal Unix security -- even if it has done
this since time immemorial. It has got to be done a different way.

If I remember right, there *was* talk of doing it some different way. Has
there been any progress on that?

In the meantime, is there a simple way to disable this completely?

--
Matthew Miller mattdm@mattdm.org <http://www.mattdm.org/>
--> Fedora Users & Developers Conference, hosted by Boston University <--
February 18th, 2005 <http://fedoraproject.org/wiki/FUDCon1>
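
The collision described in the message above can be checked for from the defender's side. The following is an added example, not part of the original post and not OpenAFS code: it parses `id` output and flags any named group in a session that the passwd and group databases never granted to that user. The sample databases, the `ID_STEP*` strings and all function names are constructed for illustration, reusing only the names and IDs quoted in the post.

```python
import re

# Constructed sample databases modelled on the names and IDs quoted in the post.
SAMPLE_PASSWD = ("mattdm:x:18281:18281::/home/mattdm:/bin/sh\n"
                 "victim:x:44490:44490::/home/victim:/bin/sh\n")
SAMPLE_GROUP = ("wheel:x:10:mattdm\nbulinux:x:501:mattdm\naptgen:x:502:mattdm\n"
                "mattdm:x:18281:\nvictim:x:44490:\n")
ID_STEP2 = """uid=18281(mattdm) gid=18281(mattdm)
groups=33550,44480,10(wheel),501(bulinux),502(aptgen),18281(mattdm)"""
ID_STEP4 = """uid=18281(mattdm) gid=18281(mattdm)
groups=33550,44490(victim),10(wheel),501(bulinux),502(aptgen),18281(mattdm)"""


def parse_id_output(text):
    """Return (username, [gid, ...]) from `id` output, tolerating wrapped lines."""
    flat = " ".join(text.split())
    user = re.search(r"uid=\d+\(([^)]+)\)", flat).group(1)
    groups = re.search(r"groups=(\S+)", flat).group(1)
    return user, [int(re.match(r"\d+", g).group()) for g in groups.split(",")]


def load_databases(passwd_text, group_text):
    """Return ({user: primary_gid}, {gid: (group_name, {members})})."""
    primary, groups = {}, {}
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) >= 4:
            primary[f[0]] = int(f[3])
    for line in group_text.splitlines():
        f = line.split(":")
        if len(f) >= 4:
            groups[int(f[2])] = (f[0], set(filter(None, f[3].split(","))))
    return primary, groups


def audit_session(id_text, passwd_text, group_text):
    """Sort a session's GIDs into unnamed ones and named ones the user was never granted."""
    user, gids = parse_id_output(id_text)
    primary, groups = load_databases(passwd_text, group_text)
    report = {"unnamed": [], "collisions": []}
    for gid in gids:
        if gid not in groups:
            report["unnamed"].append(gid)  # no group entry, e.g. a PAG-derived GID
            continue
        name, members = groups[gid]
        if gid != primary.get(user) and user not in members:
            report["collisions"].append((gid, name))  # named group, no membership
    return report
```

On a live host the two database arguments would be the contents of the passwd and group files (or `getent` output where a directory service supplies them); a non-empty `collisions` list is the condition shown in step 4.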