Douglas E. Engert wrote:
> That brings up a similar exploit:
>
> Authed user has the session key, from afs/<cell> ticket.
> User modifies the stream being protected by his session key,
> to turn on suid bit thus gaining root.
>
> This sounds like if root on a machine needs to trust AFS with
> /usr and /bin, root better have its own keyed identity.

One of the design elements of rxgk is preventing this attack.

Does anyone have any resources they want to throw in the direction of helping finish the implementation? What is needed more than anything else at this point is time which equates to currency for Derrick and a few others to finish what was started in Stockholm in January.

Jeffrey Altman
Secure Endpoints Inc.
