[OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2007-001:
privilege escalation in Unix-based clients
Kim Kimball
dhk@ccre.com
Wed, 21 Mar 2007 16:18:40 -0600
Yes, but I thought this depended on a file in the cache that had been
retrieved over an unauthenticated connection.
Lookup won't put a file in the cache.
Jeffrey Altman wrote:
> Kim Kimball wrote:
>
>> If I abandon use of system:anyuser, except for lookup, does that get the
>> job done?
>>
>> It seems to me that this forces all connections capable of fetching data
>> to be authenticated. If I'm reading the alert correctly, this would
>> prevent FetchStatus exploit?
>>
>> Kim
>>
>
> Lookup is performed via FetchStatus
>
> Jeffrey Altman