Coda File System

Re: Coda development

From: Greg Troxel <gdt_at_ir.bbn.com>
Date: Thu, 05 May 2016 12:59:37 -0400

Jan Harkes <jaharkes_at_cs.cmu.edu> writes:

> On Thu, May 05, 2016 at 10:49:19AM -0400, Greg Troxel wrote:
>> Last I looked, there was the possibility of some fs data to travel
>> unencrypted if it was not associated with a logged-in user.  This is in
>> my view totally not ok.
>
> It is encrypted but there is no shared secret between the client and the
> server during the connection setup handshake, so the session key is
> encrypted with a commonly known 'null key'. If you capture the INIT2
> packet from the server to the client you can trivially decrypt it and
> get the session key.
>
> But.. why would anybody go through that amount of trouble if he can
> connect to the server without authentication himself and get those same
> files anyway? Clearly their ACL must allow System:AnyUser access,
> otherwise the user would have had to be logged-in.

Perhaps.  But my security model involves the notion of limiting access
entirely to an authorized set, and I'd like that to be super clear.
Perhaps that's a coda config setting that denies all unauthenticated
access.

Received on 2016-05-05 12:59:47