Coda File System

Re: Coda security and root.

From: Ivan Popov
Date: Fri, 5 Sep 2003 09:30:56 +0200 (MEST)

Hello Samir,

On Thu, 4 Sep 2003, Samir Patel wrote:

> Say user A borrows user B's laptop to modify some files in user A's
> home directory.  Also assume that user B shouldn't have access to user
> A's files.

This scenario makes user A totally dependent on user B;
it is not a Coda fault.

B could have installed a keyboard sniffer or, worse, a program
that takes the initiative as soon as user A authenticates herself
and performs any operations as A, like copying files to a place accessible to
B or modifying them at B's discretion.

> Essentially, it appears that once a user has root access and is in
> disconnected mode, that user can do anything with cached Coda files.
> Isn't this bad?

Yes it is, but you cannot avoid trusting the hardware anyway, and in Unix
root is at the same level - you cannot avoid root, by any means.

Of course, certain kinds of situations, like a stolen laptop, are more
pleasant when you do not have cached files. You have to choose - either
disconnected operation, or "no files locally".

There may be some solutions for cryptographic protection of the data
residing in the cache, but we do not have one yet.

Received on 2003-09-05 03:32:30