[OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients

Derrick J Brashear shadow@dementia.org
Wed, 21 Mar 2007 13:24:50 -0400 (EDT)

Previous message: [OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients
Next message: [OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 21 Mar 2007, ted creedon wrote:

> Therefore, two cells could be used, one suid and the other for everything
> else?

You could, but that's not going to prevent the attack unless you ensure 
all access to the setuid cell is authenticated and enforce that at the 
client end

Previous message: [OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients
Next message: [OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]