cc: SSH mailing list
(I'm referring to http://naughty.monkey.org/~dugsong/ssh-afs/)
Hi dugsong,
I was reading through the documentation on your AFS patches to SSH
as I will probably be needing the package in the near future.
I saw the final note on "why local .Xauthority" and read through
Flegel's paper. I was under the impression that local .Xauthority files
would be worse than those on AFS homes - breaking local root on a client
host should be considerably easier than breaking AFS, or else I am in
deep shit :)
It does also raise the interesting question of why weren't local
.Xauthority files implemented right away for non-local (usually NFS)
homes, where the issue of anybody su'ing to any user from other NFS
hosts (and the server, of course) is much more acute, but of course
that has nothing to do with the AFS patch.
--
Atro Tossavainen (Mr.), Systems Analyst - email at URL - +358-9-850-111-86
Institute of Biotechnology, University of Helsinki, Finland
My opinions may freely be shared by my employers if they want to.
<URL:http://www.iki.fi/atro.tossavainen/>