[OpenAFS] eliminating non-ptserver authorization (was: "vos dump" authorization based on "bos adduser")
Frank Burkhardt
fbo2@gmx.net
Mon, 11 Jun 2007 12:25:33 +0200
Hi,
On Fri, Jun 08, 2007 at 03:23:48PM -0500, Christopher D. Clausen wrote:
> Adam Megacz <megacz@cs.berkeley.edu> wrote:
> > "Christopher D. Clausen" <cclausen@acm.org> writes:
> >> So how would I issue bos shutdown for an entire cell, and then bos
> >> startup?
> >
> > I guess that's the only case where this is a problem. But how often
> > does somebody without login access to any of the fileservers shut down
> > an entire cell (for that matter, how often does anybody ever shut down
> > an entire cell)?
> >
> >> Logon to one of the AFS servers so that I have access to the
> >> KeyFile? This isn't ideal in certain situations.
> >
> > If you are on the UserList, can't you (ab)use "bos exec" to steal the
> > KeyFile anyways?
>
> There is a --enable-bos-restricted-mode configure option. I'm pretty
> sure that it disables bos -exec. Maybe someone can specify what exactly
> bos restricted mode enables or disables?
I found this (German) page about that topic:
http://archiv.tu-chemnitz.de/pub/2001/0097/data/bosserver1.html
It basically says:
- restricted mode disables "bos (exec|create|delete|install|uninstall)"
- restricted mode rejects "bos getlog" requests for filenames starting with "/"
  (hopefully this mode will check for '..'s in the path ;-) )
- to enable restricted mode either start bos with '-restricted' option or
  use 'bos setrestricted'
- to disable restricted mode use 'killall -FPE bosserver'
Regards,
Frank
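
Added example, not part of the original message and not OpenAFS code: a sketch of the file name check the "bos getlog" item above hopes for, rejecting absolute paths and any ".." path component. The function name and the sample names in main() are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (assumption, not an OpenAFS function): returns 1 if
 * `name` may be served as a log file under the restrictions described in
 * the message above, 0 otherwise. */
int restricted_log_name_ok(const char *name)
{
    const char *p;

    if (name == NULL || name[0] == '\0')
        return 0;                       /* nothing to open */
    if (name[0] == '/')
        return 0;                       /* absolute path: rejected in restricted mode */

    /* Walk the '/'-separated components; refuse any that is exactly "..".
     * A name such as "..FileLog" is not a traversal and is allowed. */
    p = name;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += len;
        while (*p == '/')               /* skip one or more separators */
            p++;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample requests, not taken from a real server. */
    const char *samples[] = {
        "FileLog", "/etc/passwd", "../etc/KeyFile", "logs/../../x", "..FileLog"
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-16s %s\n", samples[i],
               restricted_log_name_ok(samples[i]) ? "allow" : "reject");
    return 0;
}
```

A lexical check like this does not cover symbolic links inside the log directory; resolving the final path and comparing it against the log directory closes that gap.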