RE: [OpenAFS-devel] Re: [PATCH] in-core AFS multiplexor and PAG support
Neulinger, Nathan (nneul@umr.edu)
Tue, 13 May 2003 13:25:17 -0500
> > If someone obtains my user id on in any way (i.e. weak password/
> > bufferoverflow/ root exploit), he should not be allowed to
> use or access
> > my tokens as he hasn't proven his identity. In this case he
> would either
> > still be in his original process authentication group, or a new and
> > empty PAG. But definitely not in any of my authentication groups.
> >
> > Which is also why joining a PAG should never be allowed.
>
> Someone asked for it, but I suspect if allowed at all it may
> be best that this
> ability is governed by its own capability bit and also that
> the security
> interface should be consulted.
Definately. This is only allowed for root in any case. (Or the cap as
you describe.)
-- Nathan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/