[OpenAFS-devel] Re: "l" permissions are not actually weaker than we're telling people

Andrew Deason adeason@sinenomine.net
Mon, 18 Jan 2010 14:19:22 -0600


On Mon, 18 Jan 2010 15:11:25 -0500
Derrick Brashear <shadow@gmail.com> wrote:

> If you're bored, you can read every FID you can read. Just read them
> one at a time, starting with 1.

My intuition tells me OpenAFS' fileserver abort threshold would make
this take longer, too.

> Don't want to let someone read something? There are these ACLs....
> set them.

I agree, but

>>>> That's something I think might be worth documenting as a security
>>>> concern (and plenty of other similar cases).

documenting explicitly 'removing l doesn't remove all rights in
descendants' is probably a good idea. I'm not aware of anywhere we
suggest otherwise, but people tend to think that anyway. It's hard
enough to get people not to trust ACLs in "parent" volumes because they
don't realize volumes could be mounted from anywhere.

-- 
Andrew Deason
adeason@sinenomine.net
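
An added audit sketch for the point made in this message (not part of the original post and not OpenAFS code): it reads text laid out like `fs listacl` output and reports directories where a principal still has an ACL entry although it lacks "l" on an ancestor. The paths and principals are constructed, and the check compares literal ACL entries only, with no group expansion and negative rights ignored.

```python
import re

# Constructed sample in the layout of `fs listacl` output
# (paths and principals are made up for this example).
SAMPLE = """\
Access list for /afs/example.org/proj is
Normal rights:
  system:administrators rlidwka
  alice rlidwk
  bob rl
Access list for /afs/example.org/proj/private is
Normal rights:
  system:administrators rlidwka
  alice rlidwk
Access list for /afs/example.org/proj/private/drafts is
Normal rights:
  system:administrators rlidwka
  bob rlidwk
Negative rights:
  carol rl
"""

def parse_acls(text):
    """Return {path: {principal: rights}} from the 'Normal rights' sections."""
    acls, path, section = {}, None, None
    for line in text.splitlines():
        m = re.match(r"Access list for (.+) is$", line)
        if m:
            path, section = m.group(1), None
            acls[path] = {}
        elif line.strip() in ("Normal rights:", "Negative rights:"):
            section = line.strip()
        elif path and section == "Normal rights:" and line.strip():
            principal, rights = line.split()
            acls[path][principal] = rights
    return acls

def exposed_descendants(acls):
    """List (dir, principal, rights) where the principal has an entry on dir
    but no 'l' on some ancestor in the listing (groups are not expanded)."""
    findings = []
    for path, entries in acls.items():
        ancestors = [p for p in acls if path.startswith(p + "/")]
        for principal, rights in entries.items():
            if any("l" not in acls[a].get(principal, "") for a in ancestors):
                findings.append((path, principal, rights))
    return sorted(findings)
```

On the sample, only the `drafts` entry for `bob` is reported: "l" is absent on `private`, but the ACL on the descendant still grants him rights.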