[OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients
Carson Gaspar
carson@taltos.org
Wed, 21 Mar 2007 16:07:17 -0700
Jeffrey Altman wrote:
> Jason Edgecombe wrote:
>
>> Ok, so the summary is that any file copied out of /afs while not
>> authenticated (system:anyuser) can be spoofed. Is this correct?
>
> The issue is subtly different. It is not which credentials you have
> when copying the data out of the cache, the issue is which credentials
> were used when the data was copied into the cache. That is why
> performing the "fs flush" before reading data as an authenticated user
> ensures that you will get the correct information when fs crypt is on.
If I'm understanding this correctly, a "fs flush" is still no guarantee,
as there's a race condition against an unauth'd user accessing the file
before you do.
--
Carson