[OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients

Robert Banz banz@umbc.edu
Wed, 21 Mar 2007 14:19:24 -0400

On Mar 21, 2007, at 13:42, Derrick J Brashear wrote:

> On Wed, 21 Mar 2007, Derek Atkins wrote:
>> Quoting Derrick J Brashear <shadow@dementia.org>:
>>> On Wed, 21 Mar 2007, ted creedon wrote:
>>>> Therefore, two cells could be used, one suid and the other for  
>>>> everything
>>>> else?
>>> You could, but that's not going to prevent the attack unless you  
>>> ensure all access to the setuid cell is authenticated and enforce  
>>> that at the client end
>> Well, if everything in the suidcell is system:authuser...  That would
>> enforce that, right?
> Not at the client end... Well, you can probably make it work but  
> the server's idea of ACL and what it means enforces nothing at the  
> client.

Damn, well, aren't we all up a protocol pickle without a paddle...

I was hoping to come up with some amazing suggestion, or at least  
something more encouraging to say.  I ain't got nothin'.