Re: [netatalk-admins] Re: Feature Suggestion: AFP/TCP running as user, not root


Subject: Re: [netatalk-admins] Re: Feature Suggestion: AFP/TCP running as user, not root
From: Aaron Gowatch (aarong@wired.com)
Date: Fri Nov 14 1997 - 17:23:23 EST


On Fri, 14 Nov 1997, a sun wrote:

> um, man setuid()/setgid() would be called for here. unless you're
> root, you can't change your identity. the only hole you can open up is
> allowing others to access your appleshare volume as you.

So maybe including setuid() and setgid() with the rest was probably going
too far. Yes, after I sent the message I decided that if you ripped all
of the auth stuff out, started afpd as yourself, you could in theory
connect to the box with whatever permissions the process has.

Finding out what port a user is running their afpd on could be as simple
as running netstat -a.

As a Sysadmin, security is an obvious concern. I'm glad that no one is
trying to do this on one of our machines.

Aa.
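
The point made in the quoted reply (a process that is not root cannot change its identity), as an added example that is not part of the original message or of netatalk's code. The helper name `try_switch_identity` and the target ids are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: attempt the identity switch a file server makes
 * after authenticating a client. It runs in a child process so the caller
 * keeps its own identity. Returns 0 if the switch worked, the errno value
 * if the kernel refused it, or -1 if the child could not be run. */
int try_switch_identity(uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Group first: once setuid() has given up root, setgid() is refused. */
        if (setgid(gid) != 0)
            _exit(errno);
        if (setuid(uid) != 0)
            _exit(errno);
        /* Confirm the switch took effect. */
        if (getuid() != uid || geteuid() != uid ||
            getgid() != gid || getegid() != gid)
            _exit(EPERM);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed target: any uid/gid other than the caller's own. */
    uid_t other_uid = getuid() + 1;
    gid_t other_gid = getgid() + 1;
    int self = try_switch_identity(getuid(), getgid());
    int other = try_switch_identity(other_uid, other_gid);

    printf("running as uid %ld\n", (long)getuid());
    printf("switch to own ids:   %s\n", self == 0 ? "ok" : strerror(self));
    printf("switch to other ids: %s\n", other == 0 ? "ok" : strerror(other));
    return 0;
}
```

Started as an ordinary user, the second switch is refused, so a server started that way handles every client with the starter's own permissions. A real privilege drop would also clear supplementary groups with setgroups() before the setgid()/setuid() pair.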


