[OpenAFS] Re: significant delay for afs user to login as root via su

Andrew Deason adeason@sinenomine.net
Thu, 18 Mar 2010 11:32:41 -0500


On Thu, 18 Mar 2010 09:21:13 -0700 (PDT)
Booker Bense <bbense@slac.stanford.edu> wrote:

> You can do this with the current pam_env on linux based machines 
> ( and solaris and OSX with some hacking... ).
> 
> XAUTHORITY      DEFAULT=/tmp/${\$}.Xauthority   OVERRIDE=/var/tmp/@{PAM_USER}.Xauthority
> 
> Basically, you can use anything in the current ENV to set new 
> ENV variables.

Correct me if I'm wrong, but this strikes me as insecure (depending on
how xauth deals with symlinks, file permissions, and existing files; I'm
not sure). What if someone creates those files with perms 0666? Or
symlinks them to ~user/thesis.tex ?

-- 
Andrew Deason
adeason@sinenomine.net
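
Added example, not part of the original message or of OpenAFS, pam_env or xauth: the checks raised above (existing file, perms 0666, symlink) applied to a predictable XAUTHORITY path in a shared directory. The function names, file names and scratch directory are assumptions made for illustration, and nothing here states how xauth itself behaves.

```python
import os
import stat
import tempfile

def audit_xauthority(path, uid):
    """List reasons `path` is unsafe to use as uid's XAUTHORITY file."""
    try:
        st = os.lstat(path)  # lstat inspects the entry itself, never its target
    except FileNotFoundError:
        return []  # nothing pre-created; creation must still be exclusive
    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not-regular-file")
    if st.st_uid != uid:
        problems.append("foreign-owner")
    if st.st_mode & 0o077:
        problems.append("group-or-other-access")
    return problems

def create_private(path):
    """Create `path` mode 0600; fail if anything, symlink included, is there."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    os.close(os.open(path, flags, 0o600))

def demo():
    """Constructed cases in a scratch directory standing in for /var/tmp."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        uid = os.getuid()
        other = os.path.join(d, "thesis.tex")  # stands in for ~user/thesis.tex
        with open(other, "w") as f:
            f.write("chapter 1\n")
        loose = os.path.join(d, "alice.Xauthority")  # pre-created, perms 0666
        create_private(loose)
        os.chmod(loose, 0o666)
        out["loose"] = audit_xauthority(loose, uid)
        link = os.path.join(d, "bob.Xauthority")  # pre-created as a symlink
        os.symlink(other, link)
        out["link"] = audit_xauthority(link, uid)
        try:
            create_private(link)
            out["create_on_link"] = "created"
        except FileExistsError:
            out["create_on_link"] = "refused"
        with open(other) as f:
            out["other_intact"] = f.read() == "chapter 1\n"
    return out
```

Calling demo() returns the audit result for each constructed case; a per-user directory with mode 0700 avoids the pre-creation problem altogether.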