[OpenAFS] uid 0 in AFS
Tino Schwarze
tino.schwarze@informatik.tu-chemnitz.de
Tue, 26 Nov 2002 11:29:43 +0100
On Mon, Nov 25, 2002 at 11:27:22PM -0600, Charles Clancy wrote:
> > how can I create files with the uid 0?
>
> $ klog admin
> $ chown root filename
>
> Only members of system:administrators can chown to root. An interesting
> side effect of this is that with the default cell configuration, an AFS
> admin can compile something like:
>
> main() { setuid(0); system("/bin/sh"); }
>
> chown root it, chmod 4755 it, and then can easily get root on any client
> machine. I suppose we have to trust our AFS admins. ;)
>
> The fix is of course "fs setcell -nosetuid", but that could possibly cause
> other problems, depending on what you're distributing over AFS.

I thought that is what /usr/vice/etc/SuidCells is for - just make it
empty and suid binaries are a problem of the past.

HTH! Tino.
--
* LINUX - Where do you want to be tomorrow? *
http://www.tu-chemnitz.de/linux/tag/
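
An added example, not part of the original messages: a small audit that reads status lines and lists the cells for which a client still honours setuid bits, so an administrator can confirm that `fs setcell -nosetuid` or an empty SuidCells file took effect. The line format of `fs getcellstatus` output and the cell names in the sample are assumptions.

```shell
#!/bin/sh
# Added example: report AFS cells whose setuid binaries this client would honour.
# Assumed input format (one line per cell, as printed by `fs getcellstatus <cell>`):
#   Cell <name> status: setuid allowed
#   Cell <name> status: no setuid allowed

# suid_cells: read status lines on stdin, print the name of every cell
# for which setuid is still allowed (one name per line).
suid_cells() {
    while IFS= read -r line; do
        case "$line" in
            # Explicitly skip the safe case first: "no setuid allowed"
            # contains the words "setuid allowed" and must not be flagged.
            "Cell "*" status: no setuid allowed"*) ;;
            "Cell "*" status: setuid allowed"*)
                name=${line#Cell }        # drop the leading "Cell "
                name=${name%% status:*}   # drop everything from " status:"
                printf '%s\n' "$name"
                ;;
        esac
    done
}

# audit_status: return 0 when no cell on stdin allows setuid, 1 otherwise.
# Offending cells are named on stderr.
audit_status() {
    bad=$(suid_cells)
    if [ -n "$bad" ]; then
        # Unquoted on purpose: one message per cell name.
        printf 'setuid still honoured for cell: %s\n' $bad >&2
        return 1
    fi
    return 0
}

# Constructed sample input (cell names are placeholders, not real cells).
SAMPLE='Cell example.org status: setuid allowed
Cell other.example.net status: no setuid allowed
Cell lab.example.edu status: setuid allowed, using old VLDB'

# Demonstration on the constructed sample; on a live client, pipe the
# output of `fs getcellstatus <cell>` for each configured cell instead.
printf '%s\n' "$SAMPLE" | suid_cells
```

Any cell the audit names is one whose administrators can place a root-owned setuid binary that this client will execute with root privileges.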