I have found what appears to be a security hole in OS X Server. When I connect to my server with privileges to directories that no-other user can see (except administrator). I then unmount the volume and reconnect as guest (guest has one folder nested with no privileges). Guest lets me mount the root file system just as I was the administrator, I can read files I can write files.
The file creator is set to nobody (I checked with "ls -l"). I triple checked all my permissions.
While the guest has the drive mounted, after a short period of time the server realizes something is wrong and all the lock folders start to appear then the user is promptly disconnected.
What's the deal, this doesn't make me feel like my server is too secure. Please if anyone can tell me if they have had similar experiences it would help me track down the issue.
I have the newest version of "AppleShare" running on the client and the most recent update to OS X Server running.
Maybe some of you can try this out on your networks to see if you have the same problems.
-Wormman
Top
