[OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory
2007-001: privilege escalation in Unix-based clients
Derek Atkins
warlord@MIT.EDU
Wed, 21 Mar 2007 13:34:41 -0400
Quoting Derrick J Brashear <shadow@dementia.org>:
> On Wed, 21 Mar 2007, ted creedon wrote:
>
>> Therefore, two cells could be used, one suid and the other for everything
>> else?
>
> You could, but that's not going to prevent the attack unless you
> ensure all access to the setuid cell is authenticated and enforce
> that at the client end
Well, if everything in the suidcell is system:authuser... That would
enforce that, right?
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available