[OpenAFS] "group prefix doesn't match owner"

Russ Allbery rra@stanford.edu
Mon, 03 May 2010 19:51:39 -0700


Jeffrey Altman <jaltman@secure-endpoints.com> writes:

> I suspect that the above is a security issue.  It means that user 1 can
> be assigned pts id "foo" and if "foo" is deleted (but not foo's groups)
> when user 1 leaves the company, then when user 2 comes along and is
> assigned the unused "foo", s/he will inherit all of the groups that
> belonged to user 1.

> I suspect the proper behavior should at some point become that deletion
> of pts id "foo" should remove all of the groups as well.

Ugh, no, please don't.  Instead, I'd much rather see us break the (IMO
broken) behavior that forces namespace on groups based on who owns them.
We have a perfectly usable owner field that already says who owns the
group.

> By intentionally creating groups that are owned by no valid pts id, you
> increase the chance that such an id would be used for another purpose.

He's creating groups owned by PTS ID 0.  I suspect that's safe.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>