On Thursday, July 20, 2006 08:54:40 AM -0500 David Thompson
<[EMAIL PROTECTED]> wrote:
Jeffrey Hutzelman wrote:
3) Specifically for the web server example, in your proposal, a
malicious web page could fork() itself, exit the parent thread, and
wait around and start collecting other authentications, as the web
server changed the authentication in the PAG for other requests. Yuch.
Web pages can't call fork() or any other system call; they're just data.
Of course, if you have a web server that runs programs provided by
untrusted users, then you have a whole world of potential problems.
You are correct; would "untrusted cgi/script" have been better? We have
this situation, and our solution is able to provide AFS authentication
for these scripts in a secure manner.
What UID do those scripts run as?
If they all run as the same user, then you haven't gained much.
And if they don't, then something with UID 0 is involved in creating them,
and the one-PAG-per-second rate limit doesn't apply to UID 0.
-- Jeff
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel