[OpenAFS-devel] Win2K bug in OpenAFS 1.2.0 token handling
Marc Dionne
dionne@cs.wisc.edu
Wed, 19 Sep 2001 12:17:37 -0500
There's a bug in OpenAFS 1.2.0 (and probably earlier versions) on
Windows 2000 which allows users to use/steal other users' tokens. In
some environments this could be a serious security problem. I'd be
curious to hear if others can reproduce this.
Here's the scenario:

- Login as user A, get an AFS token
- Open up a command prompt window running as user B:
      runas /user:B /prof cmd.exe
- Verify that user B has no token at this point
- From the B window:
      net use p: \\<machine>-afs\all /user:A
- "tokens" shows that B now has A's token and can access AFS using that
  token. If either user klogs or unlogs at this point, they affect the
  same token. I also noticed that if B uses drive mappings other than the
  one created above to access AFS, access is VERY slow, but is granted
  according to A's token. If B uses the newly mapped drive, access is
  much faster.
- Deleting the drive mapping (net use p: /d) makes things go back to
  normal, and B no longer has a token.

On a machine with the IBM AFS client v.3.6-2.18, the attempt to map to
AFS as a different user fails with:
"The credentials supplied conflict with an existing set of credentials."
...which sounds like the appropriate response.
I'm looking into a potential patch.
Marc Dionne <dionne@cs.wisc.edu>
Computer Sciences Department
University of Wisconsin