[AFS3-std] Request for a capability bit for RxOSD

[Felix Frank]

>> - Are there any security implications, particularly when capabilities 
>> are unauthenticated?
> 
> I have no response to this. I don't see how such information can impact 
> security at all.

The recent discussions concerning file ACLs cleared that point up to me.

And no, no security issues whatsoever. Clients are provided with rxosd 
"credentials" only if the fileserver has determined proper access rights 
to the file in question. An attacker who feigns the capability on a 
client will receive only data he is entitled to, anyway (or he will not 
if he does not have the proper access rights).

A server that feigns rxosd capabilities might (depending on the client 
implementation) confuse a client because the server will not serve at 
least one OSD-specific RPC that the client expects. Current 
implementations handle that case though (they have no capabilities to 
rely on in the first place).

Regards
  - Felix