> The first concern was sites that set up web servers with the root document
> tree as /afs. Transarc is the most obvious site that currently does this.
> What this allows is anyone with a web browser to start poking around
> AFS cells. So if someone wanted to start looking at Transarc's cell they
> can go to the following URL:
>
> http://www.transarc.com/afs/transarc.com/
>
> and start traversing directories to see what they had access to. So now
> any sites with incorrectly set up ACLs, that are mounted in Transarc's cell,
> are vulnerable to ANY user (not just AFS users) accessing files.

Well, yes and no. Yes, the toplevel is visible, but the cell
admin can (and probably *should* - this same thing works with
ftp; http isn't special) construct the permissions on it such that
system:authuser (or some IP-based ACL) is required to go any
further. And, if you protect the toplevel, you're safe from the
drill-down problem.

Of course, the more polite fix for the problem is to have machines
that run web- or ftp- servers use an appropriately-restricted
CellServDB (just mount the local cell). But really, cell
protection is the cell admin's duty.

Pat Wilson
[EMAIL PROTECTED]
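
Added example, not part of the original message: a cell admin's audit of captured `fs listacl` output that reports which directories still grant rights to system:anyuser, which is what a token-less web or ftp server can reach. The sample output and the example.com paths are constructed, the function names are hypothetical, and only direct system:anyuser entries are evaluated (no group expansion).

```python
import re

# Constructed `fs listacl` output for four directories (not from the original message).
SAMPLE = """\
Access list for /afs/example.com is
Normal rights:
  system:anyuser l
Access list for /afs/example.com/project is
Normal rights:
  system:authuser rl
Access list for /afs/example.com/pub is
Normal rights:
  system:anyuser rl
Access list for /afs/example.com/scratch is
Normal rights:
  system:anyuser rl
Negative rights:
  system:anyuser r
"""

HEADER = re.compile(r"^Access list for (?P<path>.+) is$")

def parse_listacl(text):
    """Return {path: {"normal": {principal: rights}, "negative": {...}}}."""
    acls, current, section = {}, None, None
    for line in text.splitlines():
        s = line.strip()
        m = HEADER.match(s)
        if m:
            current = acls.setdefault(m.group("path"), {"normal": {}, "negative": {}})
            section = None
        elif s in ("Normal rights:", "Negative rights:"):
            section = s.split()[0].lower()
        elif current is not None and section and len(s.split()) == 2:
            principal, rights = s.split()
            current[section][principal] = set(rights)
    return acls

def anyuser_exposure(text, principal="system:anyuser"):
    """Map each path to the rights unauthenticated users effectively hold."""
    exposed = {}
    for path, acl in parse_listacl(text).items():
        effective = acl["normal"].get(principal, set()) - acl["negative"].get(principal, set())
        if effective:
            exposed[path] = "".join(sorted(effective))
    return exposed

def readable_without_tokens(text):
    """Paths whose files any unauthenticated client can read ('r' right)."""
    return sorted(p for p, r in anyuser_exposure(text).items() if "r" in r)
```

A directory that shows only `l` for system:anyuser can still be listed, so it contributes to the drill-down even though its files cannot be read.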