[OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients
Wed, 21 Mar 2007 14:11:04 CDT
> On Wed, 21 Mar 2007, Robert Banz wrote:
> > So, how was this "fixed" in 1.4.4, other than just turning setuid off by
> > default?
> It can't be fixed without forcing authenticated connections from cache
> managers, which means you key all your machines, and we modify the
> fileserver to not require a pts id to exist for the keyed identity.
Possible kludg" follows. The squeamish may wish to avert eyes... :)
How about if the cache manager marked the fileStatus entry
as 'fetchedUsecurely' and dropped the suid/sgid mode bits when
storing it and then if an authed user is referencing it, flush
the entry and refetch it securely?
How miserable would this be to implement?