OPENAFS-SA-2016-001 group creation by foreign users
CVE-2016-2860:
In AFS 3.3 as part of the addition of the cross-cell support for foreign
user auto-registration a bug was introduced that permits foreign users
to create arbitrary groups as if they were system administrators. This
permits the groups to be created without any group quota checks, and
using group names that non-administrators would not normally be able to
create, such as groups with the "system:" prefix or groups with no colon
(that is, in the namespace for users).
Additionally, all entries created using the auto-registration service
were marked as being created by system:administrators. This behavior
should not be changed on the stable release branch, but for the next
release the behavior will change to show these entries as being
self-created, to better reflect reality.
FIXES 132822
[kaduk@mit.edu: reword commit message, minor style adjustments]
Change-Id: I54ddca3e4e1339f76ed320f0d6c53d8820aed89c