On Wed, 21 Mar 2007, John Hascall wrote:
On Wed, 21 Mar 2007, Robert Banz wrote:
So, how was this "fixed" in 1.4.4, other than just turning setuid off by
default?

It can't be fixed without forcing authenticated connections from cache
managers, which means you key all your machines, and we modify the
fileserver to not require a pts id to exist for the keyed identity.

Possible kludge follows. The squeamish may wish to avert eyes... :)
How about if the cache manager marked the fileStatus entry
as 'fetchedUnsecurely' and dropped the suid/sgid mode bits when
storing it and then if an authed user is referencing it, flush
the entry and refetch it securely?
How miserable would this be to implement?

not overly, actually, but it wasn't something we could get done by 1.4.3
time. it also only helps if it's an auth'd user but that's better than
nothing, at least if it's something you allow people to opt into (i could
see cases where losing suid but being able to run it anyway in some cases
but keeping suid in others would be a usability nightmare)