[OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?

Thu, 30 Aug 2007 14:14:03 -0400

On Aug 28, 2007, at 10:49 PM, Howard Chu wrote:

> . . . Unless you're telling me that your driver would allow any  
> user opening the device to specify any arbitrary UID to own a  
> particular cache. That seems a bit odd to me but so it goes; HPUX  
> also allows anyone to chown files they own to anybody else too by  
> default so somebody out there must think it's a good idea. From a  
> security perspective, it's apalling.

It's how UNIX in general used to work (chown allowing you to give  
away files) up through v7. I don't recall exactly when it changed,  
and it's surprising that HPUX still allows it. As you say, it's  
appalling.

Coming back to AFS - with the changes that file (dir) owners no  
longer always have 'a' rights, file ownership in AFS has become  
largely irrelevant. It's now largely an indicator of who created the  
file - and not even that, considering how often folks tar-zip- 
whatever file sets around.