[OpenAFS] openafs-1.4.2 RHEL RPM package installs nonempty
SuidCells and mangles CellServDB
Derrick J Brashear
shadow@dementia.org
Thu, 16 Nov 2006 10:11:35 -0500 (EST)
> IMHO this is a security issue! This should not *never* happen, because it
> poses a threat to unexperienced users and during updates of the client.
Ok, but.
> The same mechanism is applied to CellServDB!
>
> We maintain our CellServDB ourself for several reasons. This startup script
> mangles our configuration and interferes with our scripts. Even if I remove
> CellServDB.dist and CellServDB.local (which is empty), my CellServDB
> (maintained by cfengine, and on some older systems by a cronjob) is
> overwritten:
Most people don't have their own, and so instead we'll get people for whom
CellServDB never updates. Unless you can offer a solution to that, you'll
get no traction.
> The script should test for existing configuration files. Modifying CellServDB
> and SuidCells should be a configuration option in /etc/default/openafs that
> is switched off by default.
SuidCells I buy. CellServDB, nope, try again. Like, for all the sites
which already have the global CellServDB, unless they opt in, they'll
never get an update again. That's unacceptable.
Derrick