On Wed, 19 Apr 1995 [EMAIL PROTECTED] wrote:

> Once more the time has come when I make one of my pleas to
> Transarc to restrict some of what can be done if you have
> root access on a machine in AFS.  Let me remind any other timid
> cell administrators of some of the things you can do.
> Today I'll look at the bos command.  These things all seem to work
> even on AFS client machines with no authentication required, just
> root access.

Owen,

you're right in that it would be nice if some of these commands were 
slightly better protected in order to avoid accidental deletion of 
AFS volumes or messing up of servers.

However, let me remind you that as soon as I know the contents of your
/usr/afs/etc/KeyFile, I can create myself tokens for *any* user in your 
cell, including the guys in the UserList who can then do 'bos exec' and 
the like.

Actually, this file is the main critical point in AFS security. I can 
even become root once you let me read it. And reversely - once I'm root I 
can read it...

The way AFS is constructed you cannot protect yourself against somebody with
root access to your file server. However, I haven't come across a serious
leak in client machines yet: make sure they don't have a copy of the KeyFile
around, and never 'klog' as an admin user on an untrusted client.

BTW: I believe things change in DCE/DFS, where the client requests different
tickets for different servers. 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rainer Toebbicke  -  [EMAIL PROTECTED] -or- [EMAIL PROTECTED]        O__
European Laboratory for Particle Physics(CERN) - Geneva, Switzerland   > |
Phone: +41 22 767 4911    Fax: +41 22 767 8690                        ( )\( )
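
The advice in the message above (keep no copy of the KeyFile on client machines, and treat /usr/afs/etc/KeyFile on a file server as the critical secret) can be checked mechanically. The following is an added example, not part of the original post; the function name `audit_keyfile`, the role names, the optional root prefix and the policy that group and other get no access bits are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a host for AFS KeyFile exposure.
#
# audit_keyfile ROLE [ROOT]
#   ROLE  "client": any file named KeyFile* is a finding.
#         "server": only <ROOT>/usr/afs/etc/KeyFile may exist, and it must
#                   carry no group/other permission bits (assumed policy).
#   ROOT  directory to scan, default "/". A prefix other than "/" lets the
#         check run against a mounted image or a test tree.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_keyfile() {
    role=$1
    root=${2:-/}
    canonical="${root%/}/usr/afs/etc/KeyFile"
    out=$(
        # -xdev keeps find on one local filesystem (and out of /afs);
        # repeat the call for every other local mount point.
        find "$root" -xdev -type f -name 'KeyFile*' 2>/dev/null |
        while IFS= read -r f; do
            if [ "$role" = client ]; then
                echo "FAIL client holds key material: $f"
            elif [ "$f" != "$canonical" ]; then
                echo "FAIL stray copy outside /usr/afs/etc: $f"
            else
                # Columns 5-10 of the ls mode string are the group/other bits.
                bits=$(ls -ld "$f" | cut -c5-10)
                [ "$bits" = "------" ] ||
                    echo "FAIL group/other access on $f ($bits)"
            fi
        done
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Usage (as root, so unreadable directories are not skipped):
#   audit_keyfile client        # on every AFS client
#   audit_keyfile server        # on every file server / database server
```

A clean result only shows that no file with that name exists on the scanned filesystem; a renamed copy or a copy in a backup archive is not detected.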

