On Fri, Oct 25, 2002 at 08:24:31AM +1300, Nathan Ward wrote:
> The thing is, ACLs that are honoured client-side are no good. Network
> of kernel developers, so they need root. This is why Coda interested
> me, in my test network the ACLs appear to be looked after server-side.
> And of equal interest it doesn't seem to let you +s files ;].

Correct, Coda enforces security at the server; the client just helps out a bit to avoid too many unnecessary operations, and the kernel in many cases is enforcing its own security decisions that in some cases are conflicting with Coda's access permissions, so that is a bit annoying.

You can always mount filesystems 'nosuid' to make sure you don't get hit by other clients messing with the suid bits. For Coda we just made the decision that suid is evil in a distributed system and we actively block setting the setuid bits, but also actively filter them from whatever we get back from the server. So even if someone puts up a compromised server that allows setuid, it won't affect non-compromised clients.

Reliable setuid is easily done with 'super' running off the local disk. The advantage is that it gives the local user complete control over which programs can safely be allowed to run setuid, and exactly when and where local users are allowed to run them.

Jan

Received on 2002-10-28 12:28:31