Path: utzoo!utgpu!watserv1!watmath!att!linac!uwm.edu!wuarchive!zaphod.mps.ohio-state.edu!think.com!mintaka!ogicse!milton!ns.uoregon.edu!duff.uoregon.edu!jqj
From: jqj@duff.uoregon.edu (JQ Johnson)
Newsgroups: comp.protocols.appletalk
Subject: Guest login for CAP/aufs?
Message-ID: <1991Feb1.231328.18260@ns.uoregon.edu>
Date: 1 Feb 91 23:13:28 GMT
Sender: news@ns.uoregon.edu
Reply-To: jqj@duff.uoregon.edu (JQ Johnson)
Organization: University of Oregon Network Services
Lines: 27

I decided to set up anonymous (guest) access to a ru-cap2 Appleshare
server, and ran into a few problems:
1/ On SPARCstations, strcmp doesn't like NULL arguments.  In file
   applications/aufs/afpos.c, change logdir():
	diff afpos.c.ORIGINAL afpos.c
	2842c2842
	<   if (strcmp(user,usrnam) == 0)
	---
	>   if (usrnam != NULL && strcmp(user,usrnam) == 0)

2/ More critically, guest logins do not do a chroot(), so they are much
   less secure than anonymous FTP logins.  The code as written is not
   structured so as to make adding a chroot() easy [by the time we know
   we are a guest login there are random data structures with absolute
   paths, and the semantics aren't clear anyway -- what if the global
   volumes file included a "volume" outside the scope of a 
   chroot(p->pw_dir)?].  Does anyone have suggestions for using the cap
   aufs to provide guest access in ways that are reasonably secure?



-- 
JQ Johnson
Director of Network Services		Internet: jqj@oregon.uoregon.edu
University of Oregon			voice:	(503) 346-4394
250E Computing Center			BITNET: jqj@oregon
Eugene, OR  97403-1212			fax: (503) 346-4397