If I abandon use of system:anyuser, except for lookup, does that get the job done?

It seems to me that this forces all connections capable of fetching data to be authenticated. If I'm reading the alert correctly, this would prevent the FetchStatus exploit?

Kim


Derrick J Brashear wrote:
On Wed, 21 Mar 2007, ted creedon wrote:

Therefore, two cells could be used, one suid and the other for everything
else?

You could, but that's not going to prevent the attack unless you ensure all access to the setuid cell is authenticated and enforce that at the client end.
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
