[OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients
Derrick J Brashear
shadow@dementia.org
Wed, 21 Mar 2007 10:56:38 -0400 (EDT)

On Wed, 21 Mar 2007, Robert Banz wrote:
>
> So, how was this "fixed" in 1.4.4, other than just turning setuid off by
> default?

It can't be fixed without forcing authenticated connections from cache
managers, which means you key all your machines, and we modify the
fileserver to not require a pts id to exist for the keyed identity.