> On Wed, 21 Mar 2007, Robert Banz wrote:
> > So, how was this "fixed" in 1.4.4, other than just turning setuid off by
> > default?
> It can't be fixed without forcing authenticated connections from cache
> managers, which means you key all your machines, and we modify the
> fileserver to not require a pts id to exist for the keyed identity.

Possible kludge follows. The squeamish may wish to avert eyes... :)

How about if the cache manager marked the fileStatus entry as
'fetchedUsecurely' and dropped the suid/sgid mode bits when storing it and
then if an authed user is referencing it, flush the entry and refetch it
securely?

How miserable would this be to implement?

John
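A toy C model of the cache behaviour proposed in the message above, added here as an illustration; it is not part of the original post and is not OpenAFS code. All names (`status_entry`, `fetch_status`, `lookup_mode`, `server_mode`) and the sample mode value are hypothetical.

```c
#include <stdbool.h>
#include <sys/types.h>  /* mode_t */
#include <sys/stat.h>   /* S_ISUID, S_ISGID */

/* Toy model only: every name here is hypothetical, none is OpenAFS code. */
struct status_entry {
    bool   valid;
    bool   fetched_unsecurely;  /* status came over an unauthenticated connection */
    mode_t mode;                /* cached mode bits, suid/sgid possibly dropped */
};

/* Stand-in for the fileserver's answer; a real fetch would be an RPC. */
static mode_t server_mode = S_ISUID | 0755;   /* constructed sample value */
static int fetch_count;                       /* counts simulated fetches */

static void fetch_status(struct status_entry *e, bool authenticated)
{
    mode_t m = server_mode;

    fetch_count++;
    e->fetched_unsecurely = !authenticated;
    if (!authenticated)
        m &= ~(mode_t)(S_ISUID | S_ISGID);  /* do not cache privilege bits from an unverified reply */
    e->mode = m;
    e->valid = true;
}

/* Return the mode bits the cache would present to this caller. */
mode_t lookup_mode(struct status_entry *e, bool caller_authenticated)
{
    if (!e->valid) {
        fetch_status(e, caller_authenticated);
    } else if (e->fetched_unsecurely && caller_authenticated) {
        e->valid = false;        /* flush the entry marked as fetched unsecurely */
        fetch_status(e, true);   /* refetch over the authenticated connection */
    }
    return e->mode;
}
```
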
