[OpenAFS] uid 0 im AFS
Charles Clancy
security@xauth.net
Mon, 25 Nov 2002 23:27:22 -0600 (CST)
> how can I create files with the uid 0?
$ klog admin
$ chown root filename
Only members of system:administrators can chown to root. An interesting
side effect of this is that with the default cell configuration, an AFS
admin can compile something like:
main() { setuid(0); system("/bin/sh"); }
chown root it, chmod 4755 it, and then can easily get root on any client
machine. I suppose we have to trust our AFS admins. ;)
The fix is of course "fs setcell -nosetuid", but that could possibly cause
other problems, depending on what you're distributing over AFS.
[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]
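
An audit sketch for the exposure described in the message above, added here as an example and not part of the original post or of OpenAFS itself. It assumes `fs getcellstatus` prints lines of the form "Cell NAME status: setuid allowed" or "Cell NAME status: no setuid allowed"; the function names are hypothetical, and the cell names in the comments are constructed.

```shell
#!/bin/sh
# Added example: check which AFS cells this client honours setuid bits from,
# and list setuid files under a directory so they can be reviewed.

# Read `fs getcellstatus`-style lines on stdin and print the names of cells
# whose setuid programs are honoured. Assumed line shapes:
#   Cell example.org status: setuid allowed
#   Cell lab.example.org status: no setuid allowed
cells_allowing_setuid() {
    awk '$1 == "Cell" && $3 == "status:" && $4 == "setuid" && $5 == "allowed" { print $2 }'
}

# Print every regular file under directory $1 that carries the setuid bit.
# -xdev keeps the walk on one filesystem so it does not wander into other mounts.
list_setuid_files() {
    find "$1" -xdev -type f -perm -4000 -print
}

# Query the client for the given cells and warn about each one that still
# honours setuid. Which directories to scan afterwards is left to the caller,
# because walking a whole cell can be very slow.
audit_cells() {
    fs getcellstatus -cell "$@" | cells_allowing_setuid | while read -r cell; do
        echo "WARNING: setuid programs from cell $cell are honoured on this client"
    done
}

# Run only when cell names were given and the OpenAFS `fs` tool is installed.
if [ "$#" -gt 0 ] && command -v fs >/dev/null 2>&1; then
    audit_cells "$@"
fi
```

Run it on a client with the cell names as arguments, then point `list_setuid_files` at the specific AFS directories you distribute software from.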