[2333] in Info-AFS_Redistribution
Re:
daemon@ATHENA.MIT.EDU (Bob Dew)
Wed Feb 9 16:58:31 1994
Date: Wed, 9 Feb 1994 10:28:54 -0500 (EST)
From: Bob Dew <rdew+@alw.nih.gov>
To: rick@msc.cornell.edu
Cc: Info-AFS@transarc.com (AFS Mailing List), AFS-Helpline@transarc.com
In-Reply-To: <199402091426.AA18627@panther.msc.cornell.edu>
Excerpts from mail: 9-Feb-94 Re: rick@msc.cornell.edu (994*)
> > The drawback to this kind of system, obviously, is
> > that your AFS security becomes vulneralbe to the same breaches that NFS
> > is susceptible to.
> Actually, this is not at all obvious. I would like to see a careful
> analysis of the additional security risks posed by the NFS translator.
I asked this list about this a while back and got nothing.
The obvious part is that NFS requires merely a userid to gain access to
NFS-mounted file systems.
If user "bob" has access rights on an NFS directory, then anybody with
root access on a remote host who can mount the file system can
masquerade as "bob" and access the directory. The part that might not
be obvious is that translator tokens aren't PAG-related, so if "bob" has
valid server tokens, then any other "bob" that accesses the server will
also have tokens.
-Bob
