| commit | c0414134f8d7a4ebd74a5ff619cc97eea7bd6445 | |
| author | Russ Allbery <rra@debian.org> | |
| Mon, 19 Mar 2007 21:06:14 +0000 (19 21:06 +0000) | ||
| committer | Russ Allbery <rra@debian.org> | |
| Mon, 19 Mar 2007 21:06:14 +0000 (19 21:06 +0000) | ||
| tree | a1bf56ed32061a64e62eb27bcd2e74aa3ec7ad8e | treesnapshot (tar.gz zip) |
| parent | e60e4c38dea9be534a3e69d5bbf6ba9cb08682d8 | commitdiff |
* SECURITY: Apply upstream patch to disable setuid status on all cells
by default. Prior versions of AFS defaulted to honoring setuid bits
in the local cell, but since unauthenticated file access in AFS is
unencrypted, an attacker could forge packets from an AFS file server
to synthesize a setuid binary in AFS.
by default. Prior versions of AFS defaulted to honoring setuid bits
in the local cell, but since unauthenticated file access in AFS is
unencrypted, an attacker could forge packets from an AFS file server
to synthesize a setuid binary in AFS.
| debian/changelog | diffblobblamehistory | |
| debian/openafs-client.NEWS | [new file with mode: 0644] | blob |
| debian/rules | diffblobblamehistory | |
| src/afs/afs_cell.c | diffblobblamehistory |