[OpenAFS-devel] [AFS3-std] "l" permissions are not actually weaker than we're telling people

Derrick Brashear shadow@gmail.com
Mon, 18 Jan 2010 14:32:56 -0500


On Mon, Jan 18, 2010 at 2:26 PM, Adam Megacz <adam@megacz.com> wrote:
>
> Jeffrey Altman <jaltman@secure-endpoints.com> writes:
>> One of the reasons for this approach is that file servers do not process
>> paths when responding to the cache manager requests.
>
> I was actually stunned by this when I read vnode.c/viced.c... apparently
> RENAME is the only operation that walks to the root of the directory
> hierarchy (because the fileserver must guard against cyclic directory
> paths). Surprising!
>
> Does this mean that if we have a setup like this:
>
>    mkdir foo
>    fs sa foo system:anyuser rlidw
>    mkdir foo/bar
>    fs sa foo system:anyuser none
>
> That anonymous users can access "foo/bar/", so long as they know the FID
> for "bar" -- either because the fourth command wasn't executed
> immediately after the third, or else because they were simply patient
> enough to guess it?

Doesn't mean that in the slightest. Note that foo/bar/ is a directory
and not actual data, but the case is the same regardless.
Permissions are enforced for every vnode. Look at
Check_PermissionRights in afsfileprocs.c.

It just means that just because you can't see intermediate directories
doesn't mean you can't see what's in a file *if the acl on the file
allows it*... regardless of what's interspersed.

> That's something I think might be worth documenting as a security
> concern (and plenty of other similar cases).

If it were true, it would be.

> Thanks for your patience in clarifying my understanding of how all of
> this works... apologies if I can be a bit dense at times. I'm trying
> to understand why things work the way they do rather than just how they
> work.
>
>  - a



-- 
Derrick