Michael Meffie <[email protected]> wrote:
Simon Wilkinson wrote:

On 5 Dec 2010, at 02:55, Derrick Brashear <[email protected]>
wrote:
We tell you that you can, and how, to disable this

Perhaps we should ship with it disabled by default?

Yes, I agree, bos exec really should be disabled by default, and only
turned on after people understand the implications. (I've used
the same trick Derrick mentioned, bos exec/bos getlog. I thought
I was being clever.)

Someone correct me if this has changed, but be careful enabling restricted mode by default. This adds a line to BosConfig, and backing out newer binaries with this option enabled for older binaries can cause AFS to no longer work, as the old binaries do not understand the restrictedmode entry in the BosConfig file and give some kind of cryptic error or something. (Or at least I had something like this happen once and had to remove the offending line from BosConfig by hand to get my old binaries to work again.)

This can be somewhat of a problem when backing out upgrades due to whatever problems.

That said, I do think this is a good idea. Random services (especially ones running as root) shouldn't have a default mechanism to run arbitrary binaries on a system. People likely do not realize that adding someone to UserList also effectively gives them root access on the AFS servers, which could be running other services as well.

<<CDC

_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
