[OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients

Derrick J Brashear shadow@dementia.org
Wed, 21 Mar 2007 10:56:38 -0400 (EDT)

On Wed, 21 Mar 2007, Robert Banz wrote:

> So, how was this "fixed" in 1.4.4, other than just turning setuid off by 
> default?

It can't be fixed without forcing authenticated connections from cache 
managers, which means you key all your machines, and we modify the 
fileserver to not require a pts id to exist for the keyed identity.