[OpenAFS] Re: significant delay for afs user to login as root via su

Booker Bense bbense@slac.stanford.edu
Thu, 18 Mar 2010 10:10:48 -0700 (PDT)


On Thu, 18 Mar 2010, Andrew Deason wrote:

>
> Correct me if I'm wrong, but this strikes me as insecure (depending on
> how xauth deals with symlinks, file permissions, and existing files; I'm
> not sure).

xauth won't follow any of those, otherwise you could just make a 
symlink in the home dir. xauth is fairly paranoid wrt standard 
unix file permissions.

> What if someone creates those files with perms 0666? Or
> symlinks them to ~user/thesis.tex ?
>

xauth checks for this. In general if you're writing to shared 
/tmp there is no completely secure method, especially when you 
throw in the problem of setuid executables. You can avoid some
of the most obvious pitfalls, but even if there aren't currently
known exploits, I think it's just a matter of time. The race
conditions are simply inherent in the OS. Even if you figure
out some way around the problems, getting it 'right' for all
cases is very difficult.

The "right" solution IMHO in the environment of network based 
home dirs, would be a permanent existing tmp directory per user
that did not require "sticky bits".

I don't like this solution, but I see it as the least possible 
evil.

_ Booker C. Bense
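
Added example (not part of the original message, and not xauth's own code): one way a program writing a per-user file under shared /tmp can refuse the two cases raised in the thread, a pre-existing file with mode 0666 and a symlink to another file. The helper name open_private and the UnsafeFile exception are hypothetical.

```python
import os
import stat
import sys

class UnsafeFile(Exception):
    """The path exists but is not a file we can trust with secrets."""

def open_private(path):
    """Return an fd for `path` only if it is our own private regular file.

    Hypothetical helper: creates the file 0600 if absent; never follows a
    symlink in the final path component.
    """
    flags = os.O_RDWR | os.O_NOFOLLOW
    try:
        # O_EXCL makes creation fail if any name (file, symlink, even a
        # dangling symlink) already occupies the path.
        fd = os.open(path, flags | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        try:
            # O_NOFOLLOW: a symlink here fails with ELOOP instead of
            # opening whatever it points to.
            fd = os.open(path, flags)
        except OSError as exc:
            raise UnsafeFile(f"{path}: {exc.strerror}") from exc
    # Inspect the object actually opened (fstat on the fd), not the name,
    # so swapping the name after the check gains nothing.
    st = os.fstat(fd)
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != os.geteuid():
        problems.append("owned by another uid")
    if st.st_mode & 0o077:
        problems.append("group/other permission bits set")
    if st.st_nlink != 1:
        problems.append("has extra hard links")
    if problems:
        os.close(fd)
        raise UnsafeFile(f"{path}: " + ", ".join(problems))
    return fd

if __name__ == "__main__":
    # Usage: python3 open_private.py /tmp/example-authfile  (constructed path)
    try:
        os.close(open_private(sys.argv[1]))
        print("ok")
    except UnsafeFile as err:
        print("refused:", err)
```

These checks cover only the final path component; a parent directory that other users can write to still leaves room for the races the message describes, which is why a per-user directory is the more robust arrangement.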