[OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory
2007-001: privilege escalation in Unix-based clients
Jeffrey Hutzelman
jhutz@cmu.edu
Wed, 28 Mar 2007 17:13:37 -0400
On Wednesday, March 21, 2007 02:53:50 PM -0400 Jason Edgecombe
<jason@rampaginggeek.com> wrote:
> Ok, so local access is required for OPENAFS-SA-2007-001 to be exploited?
No, but it's a lot easier. Without local access, you not only need to
convince the client that some file you can write to is suid; you also have
to convince someone/something that _does_ have local access to run it.
> Can a non-root user exploit it?
This is a privilege escalation on the client. By definition, only a
non-root user can exploit it; root users are already privileged.
-- Jeff