[OpenAFS-devel] Re: safe dropboxing in an anonymous world

Jeffrey Altman jaltman@secure-endpoints.com
Mon, 07 Feb 2011 14:04:46 -0500 

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigCD1616B46B3CD808DDDF47F3
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 2/7/2011 1:35 PM, Andrew Deason wrote:
>=20
> I'm just saying, if the not-recommended s:anyuser case sometimes breaks=

> as a result of this, it is not intrinsic. We can modify the client to
> make it work.

In the dropbox case the client has no need to read anything from the
server.  It should only be creating new files.  Restricting the writing
to only dirty data doesn't matter.  It certainly would make the client
faster.  The Windows CM already only writes the dirty portions of a 1K pa=
ge.

If the Unix CM is reading beyond the end of file as part of preparing a
chunk to be written, that sounds like a bug to me.  The Windows CM never
reads data from the file server beyond the known EOF.  If the file is
new, the file length is 0 and the client prepares the page locally
without file server interaction.

>> This problem is not new and has been well-known in the AFS community
>> for quite some time.  The "What are dropboxes?" section (2.22) of the
>> AFS FAQ: Using AFS page includes the following:
>=20
> The general problem, yes. But the text you are referencing treats it as=

> a security/visibility problem. The change Derrick is talking about
> introduces a new problem where the write to the dropbox file could
> potentially fail, making the mechanism effectively break depending on
> the use case.
>=20
> I'm not saying that's necessarily a big problem, but it is a new thing
> that users should be made aware of.

The write will never fail.


>> I think it would also be worth-while to have a file server option that=

>> disables "i" for anonymous in its entirety.
>=20
> Such as gerrit 217?
>=20


--------------enigCD1616B46B3CD808DDDF47F3
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJNUEJQAAoJENxm1CNJffh4GywIANxdacrT40kcu38JQUZAnIsE
X+uZaTy0Ih6o6iavom6zCjE06nfnsGMMMuk+fH0zRiIuEZHTZRYyCsY7+8INkIfo
386k2GK4KVNl0z1VdQdaIwhq9N96jIyyxHLgVwXo00T8YHCgmzgB94rNdk8vT8pk
MCnPxaXoFx1gPxCOCBIW4m5na5iFSA/gjMwTiQVEG4Pw9XYkyEp6TahHVIORc/jp
FrIfClKi6YQi4/+PRa8Tk55IN+7rTIzg090SuUKc5CDlueclRvj5phDNxMcPnZxl
3nsG+ggD59WUmK/drA1zvjPR0t+Ni9atuflqEzBZ7bi0+FJg3BdL60IJbizBEps=
=aQFP
-----END PGP SIGNATURE-----

--------------enigCD1616B46B3CD808DDDF47F3--