[OpenAFS] Re: significant delay for afs user to login as root via su
Andrew Deason
adeason@sinenomine.net
Thu, 18 Mar 2010 11:32:41 -0500

On Thu, 18 Mar 2010 09:21:13 -0700 (PDT)
Booker Bense <bbense@slac.stanford.edu> wrote:
> You can do this with the current pam_env on linux based machines
> ( and solaris and OSX with some hacking... ).
>
> XAUTHORITY DEFAULT=/tmp/${\$}.Xauthority OVERRIDE=/var/tmp/@{PAM_USER}.Xauthority
>
> Basically, you can use anything in the current ENV to set new
> ENV variables.

Correct me if I'm wrong, but this strikes me as insecure (depending on
how xauth deals with symlinks, file permissions, and existing files; I'm
not sure). What if someone creates those files with perms 0666? Or
symlinks them to ~user/thesis.tex?

--
Andrew Deason
adeason@sinenomine.net
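
Added example, not part of the original thread and not code from xauth, pam_env or OpenAFS: one way a program can guard against the pre-created 0666 file and the symlink raised above when it must use a predictable path in /tmp or /var/tmp. The function names and return codes are hypothetical, and this says nothing about what xauth itself does.

```c
/* Added example (hypothetical names): validate a file at a predictable path
 * in a world-writable directory before trusting it. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum { AUTH_OK = 0, AUTH_OPEN_FAILED = -1, AUTH_NOT_REGULAR = -2,
       AUTH_WRONG_OWNER = -3, AUTH_LOOSE_PERMS = -4, AUTH_HARDLINKED = -5 };

/* Open an existing file without following a symlink in the last path
 * component, then check the opened descriptor rather than the path, so the
 * object checked is the object used. */
int open_existing_auth_file(const char *path, uid_t owner, int *fd_out)
{
    struct stat st;
    int rc = AUTH_OK;
    int fd = open(path, O_RDWR | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return AUTH_OPEN_FAILED;            /* a symlink fails here (ELOOP) */
    if (fstat(fd, &st) != 0)                   rc = AUTH_OPEN_FAILED;
    else if (!S_ISREG(st.st_mode))             rc = AUTH_NOT_REGULAR;
    else if (st.st_uid != owner)               rc = AUTH_WRONG_OWNER;
    else if (st.st_mode & (S_IRWXG | S_IRWXO)) rc = AUTH_LOOSE_PERMS; /* e.g. 0666 */
    else if (st.st_nlink != 1)                 rc = AUTH_HARDLINKED;
    if (rc != AUTH_OK) { close(fd); return rc; }
    *fd_out = fd;
    return AUTH_OK;
}

/* Create the file fresh: O_EXCL refuses any existing name, including a
 * dangling symlink, and 0600 keeps other users out from the start. */
int create_auth_file(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

int main(int argc, char **argv)
{
    int fd = -1;
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return EXIT_FAILURE; }
    int rc = open_existing_auth_file(argv[1], getuid(), &fd);
    printf("%s: %d\n", argv[1], rc);
    if (rc == AUTH_OK) close(fd);
    return rc == AUTH_OK ? EXIT_SUCCESS : EXIT_FAILURE;
}
```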