[OpenAFS-devel] Re: [AFS3-std] Changing RXAFS_GetVolumeStatus access check to support volume lock down

chas williams - CONTRACTOR chas@cmf.nrl.navy.mil
Fri, 6 Jul 2012 10:02:49 -0400


On Fri, 06 Jul 2012 15:16:08 +0200 (CEST)
Harald Barth <haba@kth.se> wrote:
> If this would be "restricted information" then one would have to
> 
>  (1) Close the unauthenticated method
> 
>  (2) Figure out what WOULD BE a useful access restriction. I think
>      that (l) on the volume root is not good. The right access
>      restriction would IMHO be "open for any user that has (w) or (i)
>      in any directory of the volume". That check is a little more
>      tricky to implement but we don't need to think about it until (1)
>      is changed.

i think there is merit here.  generally one should err on the side of
"less is more" when it comes to security.  i understand that the vnodes
are separate from volumes, i.e. someone should/may be able to browse
your afs tree anonymously, but you might not want them to view the
underlying structure.

vos listvldb doesn't require authentication either.  from that you can
easily guess the user names based on volume names.  oddly enough,
pts examine doesn't require authentication, but pts listentries does. i
understand this needs to be open for certain volumes so that the clients
can find the cell roots, but perhaps there should be some sort of
control on volume information.