[8799] in Athena Bugs
AFS: fileserver bugs
daemon@ATHENA.MIT.EDU (Richard Basch)
Fri Jan 3 04:52:06 1992
Date: Fri, 3 Jan 92 04:51:43 -0500
To: bug-afs@MIT.EDU, afs-bugs@transarc.com
Cc: bugs@MIT.EDU
From: "Richard Basch" <basch@MIT.EDU>

1. suid/sgid settings by vanilla users are disallowed in all cases but
   one - chmod.

2. The server does not enforce prohibiting changes to readonly volumes;
   the only protection is the client cache manager and the ACLs.

3. The checks for when to do Copy On Write are flawed; they assume that
   multiple links to a file mean that the file is shared by volume
   clones. This can also be true when there are files hard linked
   within the same directory.

4. One can set the attributes of a readonly volume (quota, motd, etc.).
   Some of these (i.e. motd) might be desirable, if the client cache
   manager went to the effort of talking to all the servers with that
   volume, but because of the faulty logic, such volume flag manipulations
   should be disallowed.

Patches forthcoming... (when I am more awake)

-Richard