[OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients

John Hascall john@iastate.edu
Wed, 21 Mar 2007 16:54:28 CDT


> That brings up a similar exploit:
> 
> Authed user has the session key, from afs/<cell> ticket.
> User modifies the stream being protected by his session key,
> to turn on the suid bit, thus gaining root.
> 
> This sounds like if root on a machine needs to trust AFS with
> /usr and /bin, root better have its own keyed identity.

It also seems to me that you could do a pretty effective D.O.S.
by sending fileStatus for various files (say starting with /bin/sh)
with zeroed mode bits.

John