[986] in arla-drinkers


Re: proposed PAG handling changes for Arla

daemon@ATHENA.MIT.EDU (Jeffrey Hutzelman)
Tue Jul 20 11:49:41 1999

Date: Tue, 20 Jul 1999 11:42:31 -0400 (EDT)
From: Jeffrey Hutzelman <jhutz@cmu.edu>
X-Sender: jhutz@afstest-1.fac.cs.cmu.edu
To: Chris Wing <wingc@engin.umich.edu>
cc: arla-drinkers@stacken.kth.se
Subject: Re: proposed PAG handling changes for Arla
In-Reply-To: <Pine.LNX.4.10.9907191527560.1772-100000@shaft.engin.umich.edu>
Message-ID: <Pine.SOL.3.95L.990720114020.2627D-100000@afstest-1.fac.cs.cmu.edu>

On Mon, 19 Jul 1999, Chris Wing wrote:

> 2. We should prevent setgroups() from being used to store a fake PAG of
> the user's choosing. (i.e. "attaching" to someone else's PAG) True, in
> most cases a user with the ability to setgroups() is all-powerful to begin
> with, but the present behavior makes it just too easy for someone with
> root access to use setgroups() and then setuid() to get access to another
> user's AFS tokens. This is especially important in a capabilities system
> like Linux, because in theory a process may have the ability to use
> setgroups(), but no other special privileges.

Note that this would be inconsistent with the behaviour of AFS, which
allows anyone who can call setgroups() to set or change his PAG.

-- Jeff

