Quoting "Christopher D. Clausen" <[EMAIL PROTECTED]>:
This script could also touch a file in the class volume
so the TAs have the list of users. A simple "rli" will let you do
this.
You could touch files for other students then. (I'm not sure if that
would be a bad or not, it would depend if students can get negative
points for turning in non-functioning code.)
There's really no risk here, tho, unless different students have homework
due at different times. The fact that student A touches a file for student
B only means that the TAs would think that student B exists.. nothing more.
If student B isn't in the class, then it's just a DoS against the TAs
(because they have to do more work to find the real homework). If student
B IS in the class, well, their homework would be due at the same time
as student A, so when the TA looks into ~B/path/to/homework they would still
find student B's results, working or no.
I'll also point out that in the previous approach this attack is even worse!
Student A could create a directory in the class-volume under student B's
name, but make it so student B couldn't access it! Then student B would
be locked out from submitting work at all! I would consider that even
worse than telling the TAs about a student who isn't in the class.
<<CDC
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[EMAIL PROTECTED] PGP key available
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
