Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262334AbTEMRfm (ORCPT ); Tue, 13 May 2003 13:35:42 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262360AbTEMRfl (ORCPT ); Tue, 13 May 2003 13:35:41 -0400 Received: from mrelay1.cc.umr.edu ([131.151.1.120]:18317 "EHLO smtp.umr.edu") by vger.kernel.org with ESMTP id S262334AbTEMRfj convert rfc822-to-8bit (ORCPT ); Tue, 13 May 2003 13:35:39 -0400 x-mimeole: Produced By Microsoft Exchange V6.0.6249.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT Subject: RE: [OpenAFS-devel] Re: [PATCH] in-core AFS multiplexor and PAG support Date: Tue, 13 May 2003 12:48:22 -0500 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [OpenAFS-devel] Re: [PATCH] in-core AFS multiplexor and PAG support Thread-Index: AcMZdx5fXbxsi2BIR+id222V94K2hwAAFyRw From: "Neulinger, Nathan" To: "Linus Torvalds" Cc: "David Howells" , , , Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1159 Lines: 28 > > > Also, using a separate PAG structure means that you can > lend your keys to > > > an SUID program and conversely it means a SUID program > can't so easily > > > gain access to keys it didn't inherit from its caller. > > > > "task->user" always follows uid ("real uid"), and as such > you can always > > switch back and forth by just changing uid. > > So anyone who has the ability to get root on a box can > immediately use other > peoples keys with su... OTOH, the ability to get root would > normally permit > someone sufficiently motivated to get this anyway. This isn't any good since it implies that a given uid can only have a single set of tokens. Users can freely authenticate to afs and get tokens for other afs ids at any time. As long as they are in different pags, they can freely coexist. Now, if you're talking about pag-less only, then the above is reasonable and expected. -- Nathan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/