[OpenAFS-devel] safe dropboxing in an anonymous world

Derrick Brashear shadow@gmail.com
Mon, 7 Feb 2011 11:02:18 -0500


In Check_PermissionRights there is code:
    if (CallingRoutine & CHK_FETCH) {
        if (CallingRoutine == CHK_FETCHDATA || VanillaUser(client)) {
            if (targetptr->disk.type == vDirectory
                || targetptr->disk.type == vSymlink) {
                xxx
            } else {            /* file */
                /* must have read access, or be owner and have insert access */
                if (!(rights & PRSFS_READ)
                    && !(OWNSp(client, targetptr) && (rights & PRSFS_INSERT)))
                    return (EACCES);
            }

The effect of the "or be owner and have insert access" is to allow
readback if for some reason you need to pull back from the server in
the process of writing something out for insert. In an "atomic write"
world this would not be necessary, and in this world it is only
dubiously so.

In a directory which is system:anyuser li, this allows people to read
previous submissions. This is probably undesirable. It's simple to
avoid the problem this way, with the compromise that readback isn't
possible.

Ignoring the broader question of "do we really want the readback
ever", comments on this revision?

-- 
Derrick
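The fetch branch quoted above, reduced to a stand-alone model so the two behaviours can be compared on the dropbox case the post describes. This is an added example, not code from the post or from OpenAFS: the PRSFS_* bits, the client/vnode structs, OWNSp() and the shared anonymous id are simplified assumptions, and fetch_check_proposed() is the revision as the post describes it (drop the owner-with-insert path, require PRSFS_READ).

```c
/* Added example modelling Check_PermissionRights' file-fetch branch.
 * Not OpenAFS code: constants, structs and OWNSp() are stand-ins. */
#include <errno.h>
#include <stdio.h>

#define PRSFS_READ   0x01
#define PRSFS_INSERT 0x04
#define PRSFS_LOOKUP 0x08
#define ANON_ID      32766   /* assumed id shared by all unauthenticated clients */

struct client { int viceid; };
struct vnode  { int owner;  };

/* Stand-in for OWNSp(): the caller's id matches the vnode's owner. */
static int OWNSp(const struct client *c, const struct vnode *v)
{
    return c->viceid == v->owner;
}

/* Current logic from the post: read access, or owner with insert access. */
int fetch_check_current(const struct client *c, const struct vnode *v, int rights)
{
    if (!(rights & PRSFS_READ)
        && !(OWNSp(c, v) && (rights & PRSFS_INSERT)))
        return EACCES;
    return 0;
}

/* Revision as the post describes it: no owner+insert readback, read is required. */
int fetch_check_proposed(const struct client *c, const struct vnode *v, int rights)
{
    (void)c; (void)v;                       /* ownership no longer matters */
    if (!(rights & PRSFS_READ))
        return EACCES;
    return 0;
}

int main(void)
{
    /* Constructed scenario: dropbox directory with system:anyuser li.
     * Two anonymous clients both carry ANON_ID, so the second "owns"
     * whatever the first deposited. */
    int li = PRSFS_LOOKUP | PRSFS_INSERT;
    struct client second = { ANON_ID };
    struct vnode  submission = { ANON_ID };  /* file written earlier by another anon */
    printf("current : anon reads earlier submission -> %d (0 = allowed)\n",
           fetch_check_current(&second, &submission, li));
    printf("proposed: anon reads earlier submission -> %d (EACCES = %d)\n",
           fetch_check_proposed(&second, &submission, li), EACCES);
    return 0;
}
```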