[OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients

Carson Gaspar carson@taltos.org
Wed, 21 Mar 2007 16:07:17 -0700

Jeffrey Altman wrote:
> Jason Edgecombe wrote:
>> Ok,  so the summary is that any file copied out of /afs while not
>> authenticated (system:anyuser) can be spoofed. If this correct?
> The issue is subtly different.  It is not which credentials you have
> when copying the data out of the cache, the issue is which credentials
> were used when the data was copied into the cache.  That is why
> performing the "fs flush" before reading data as an authenticated user
> ensures that you will get the correct information when fs crypt is on.

If I'm understanding this correctly, a "fs flush" is still no guarantee, 
as there's a race condition against an unauth'd user accessing the file 
before you do.