On Friday, March 23, 2007 10:04:28 AM -0400 Jeffrey Altman
<[EMAIL PROTECTED]> wrote:
Kim Kimball wrote:
I'm still wondering if
a. Removing system:anyuser from ACLs will prevent this privilege
escalation
b. Removing system:anyuser from ACLs except "system:anyuser l" will
prevent the privilege escalation (i.e. the only occurrence of
system:anyuser is with l permission)
Any definitive conclusions?
Thanks!
Kim
As has been discussed on this list over the last few days, modifying the
contents of unprotected data retrieved via anonymous connections is just
one form of attack that can be executed.
What Jeff is trying to say is "no".
Changing ACL's will not prevent this attack.
Changing servers will not prevent this attack.
Period.
The only way to prevent this attack is for clients not to honor suid bits
from sources not trusted _by the client_. Since the current AFS client has
no way to obtain a secure connection to the fileserver with which the user
cannot tamper, all sources must be considered untrusted.
-- Jeff
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
