Coda File System

Coda security and root.

From: Samir Patel <samir_at_eden.rutgers.edu>
Date: Thu, 4 Sep 2003 23:17:58 -0400 (EDT)
Hey all,

Something I noticed while playing around with coda today:

Say user A borrows user B's laptop to modify some files in user A's
home directory.  Also assume that user B shouldn't have access to user
A's files.

1) User A logs into a dummy local account, authenticates to Coda and
creates/changes files.
2) User A unauthenticates..
3) User A gives laptop back to user B.
4) User B becomes root.
5) User B now has access to all the files in Coda that user A modified
and changed.
6) User B can make changes to these files, but changes will not
propogate back to Coda because Coda tokens are unavailable, but the
volume will go into a disconnected state with CML entries pending for
reintegration.
7) Now if user A borrows user B's laptop again, his Coda directory
will be in the disconnected state and he will be unable to do anything
about it (I think).  If he creates tokens as root, all the changes
that user B made (which user A does not allow or condone)  will
propogate back to coda.


Essentially, it appears that once a user has root access and is in
disconnected mode, that user can do anything with cached Coda files.
Isn't this bad?

Samir
Received on 2003-09-04 23:19:35