[OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients

John Hascall john@iastate.edu
Wed, 21 Mar 2007 14:11:04 CDT

> On Wed, 21 Mar 2007, Robert Banz wrote:
> > So, how was this "fixed" in 1.4.4, other than just turning setuid off by 
> > default?

> It can't be fixed without forcing authenticated connections from cache 
> managers, which means you key all your machines, and we modify the 
> fileserver to not require a pts id to exist for the keyed identity.

Possible kludge follows.  The squeamish may wish to avert eyes... :)

How about if the cache manager marked the fileStatus entry
as 'fetchedUnsecurely' and dropped the suid/sgid mode bits when
storing it and then if an authed user is referencing it, flush
the entry and refetch it securely?

How miserable would this be to implement?
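
A toy C model of the cache behaviour proposed in this message, added here as an illustration; it is not OpenAFS code and not part of the original post. The struct, the function names and the `fetch_fn` callback are hypothetical, and "secure" is assumed to mean a fetch made over an authenticated connection.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>   /* S_ISUID, S_ISGID */

/* Toy cached status entry; not OpenAFS's real data structure. */
struct status_entry {
    unsigned int mode;        /* cached Unix mode bits */
    bool valid;               /* false until fetched, or after a flush */
    bool fetched_unsecurely;  /* status came over an unauthenticated connection */
};

/* Hypothetical callback: returns the mode the fileserver reports. */
typedef unsigned int (*fetch_fn)(bool secure);

/* Store fetched status, dropping suid/sgid when the fetch was not secure. */
void store_status(struct status_entry *e, unsigned int mode, bool secure)
{
    e->fetched_unsecurely = !secure;
    e->mode = secure ? mode : (mode & ~(unsigned int)(S_ISUID | S_ISGID));
    e->valid = true;
}

/* Return the mode to present to the caller referencing the entry. */
unsigned int reference_status(struct status_entry *e, bool authed, fetch_fn fetch)
{
    if (!e->valid) {
        store_status(e, fetch(authed), authed);   /* first fetch */
    } else if (authed && e->fetched_unsecurely) {
        e->valid = false;                         /* flush the entry */
        store_status(e, fetch(true), true);       /* refetch it securely */
    }
    return e->mode;
}

/* Constructed sample: the server reports a setuid file, mode 04755. */
static int fetch_calls;
unsigned int sample_fetch(bool secure) { (void)secure; fetch_calls++; return 04755; }

int main(void)
{
    struct status_entry e = {0};
    printf("unauthenticated: %04o\n", reference_status(&e, false, sample_fetch));
    printf("authenticated:   %04o\n", reference_status(&e, true, sample_fetch));
    return 0;
}
```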