[OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2007-001:
privilege escalation in Unix-based clients
Wed, 21 Mar 2007 16:18:40 -0600
Yes, but I thought this depended on a file in the cache that had been
retrieved over an unauthenticated connection.
Lookup won't put a file in the cache.
Jeffrey Altman wrote:
> Kim Kimball wrote:
>> If I abandon use of system:anyuser, except for lookup, does that get the
>> job done?
>> It seems to me that this forces all connections capable of fetching data
>> to be authenticated. If I'm reading the alert correctly, this would
>> prevent FetchStatus exploit?
> Lookup is performed via FetchStatus
> Jeffrey Altman
Dexter 'Kim' Kimball