[OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?
Steve Simmons
scs@umich.edu
Thu, 30 Aug 2007 14:14:03 -0400
On Aug 28, 2007, at 10:49 PM, Howard Chu wrote:
> . . . Unless you're telling me that your driver would allow any
> user opening the device to specify any arbitrary UID to own a
> particular cache. That seems a bit odd to me but so it goes; HPUX
> also allows anyone to chown files they own to anybody else too by
> default so somebody out there must think it's a good idea. From a
> security perspective, it's apalling.
It's how UNIX in general used to work (chown allowing you to give
away files) up through v7. I don't recall exactly when it changed,
and it's surprising that HPUX still allows it. As you say, it's
appalling.
Coming back to AFS - with the changes that file (dir) owners no
longer always have 'a' rights, file ownership in AFS has become
largely irrelevant. It's now largely an indicator of who created the
file - and not even that, considering how often folks tar-zip-
whatever file sets around.