[OpenAFS-devel] kuserok() checking UID ownership on afs

Russ Allbery rra at stanford.edu
Wed Feb 2 20:01:09 EST 2005

Jeffrey Hutzelman <jhutz at cmu.edu> writes:

> You've been living in an AFS paradise for too long, Russ. :-) The
> ability to create files in a user's home directory does not imply the
> ability to edit arbitrary dotfiles.

I know that, but it usually doesn't matter.  Do you have every single
dotfile that your shell looks at created in your home directory?  I know
that I don't have a .tcshrc.

Creating arbitrary files is functionaly equivalent to being able to edit
dotfiles for most user configurations and shell behavior.

> Nor does the ability to write to specific files imply the ability to
> write to others.

This argument, while true, doesn't support ownership checks.

> Checks like this are trying to make sure that only the user could have
> put the file's contents there.

I think we all know what the check is for.  :)  I don't believe anyone can
actually explain the threat model that the ownership check is protecting

Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the krbdev mailing list