(Illustration by Gaich Muramatsu)
Hey all, Something I noticed while playing around with coda today: Say user A borrows user B's laptop to modify some files in user A's home directory. Also assume that user B shouldn't have access to user A's files. 1) User A logs into a dummy local account, authenticates to Coda and creates/changes files. 2) User A unauthenticates.. 3) User A gives laptop back to user B. 4) User B becomes root. 5) User B now has access to all the files in Coda that user A modified and changed. 6) User B can make changes to these files, but changes will not propogate back to Coda because Coda tokens are unavailable, but the volume will go into a disconnected state with CML entries pending for reintegration. 7) Now if user A borrows user B's laptop again, his Coda directory will be in the disconnected state and he will be unable to do anything about it (I think). If he creates tokens as root, all the changes that user B made (which user A does not allow or condone) will propogate back to coda. Essentially, it appears that once a user has root access and is in disconnected mode, that user can do anything with cached Coda files. Isn't this bad? SamirReceived on 2003-09-04 23:19:35