content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 8BIT
Subject: RE: [OpenAFS-devel] Re: [PATCH] in-core AFS multiplexor and PAG support
Date: Tue, 13 May 2003 13:25:17 -0500
Message-ID: <B578DAA4FD40684793C953B491D4879174D3B9@umr-mail7.umr.edu>
Thread-Topic: [OpenAFS-devel] Re: [PATCH] in-core AFS multiplexor and PAG support
Thread-Index: AcMZfI/IAMvYHDaeT+e5LB51/O/knAAAFfjg
From: "Neulinger, Nathan" <nneul@umr.edu>
To: "David Howells" <dhowells@warthog.cambridge.redhat.com>,
       "Jan Harkes" <jaharkes@cs.cmu.edu>,
       "Linus Torvalds" <torvalds@transmeta.com>,
       "David Howells" <dhowells@redhat.com>, <linux-kernel@vger.kernel.org>,
       <linux-fsdevel@vger.kernel.org>, <openafs-devel@openafs.org>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 976
Lines: 25

> > If someone obtains my user id on in any way (i.e. weak password/
> > bufferoverflow/ root exploit), he should not be allowed to 
> use or access
> > my tokens as he hasn't proven his identity. In this case he 
> would either
> > still be in his original process authentication group, or a new and
> > empty PAG. But definitely not in any of my authentication groups.
> > 
> > Which is also why joining a PAG should never be allowed.
> 
> Someone asked for it, but I suspect if allowed at all it may 
> be best that this
> ability is governed by its own capability bit and also that 
> the security
> interface should be consulted.

Definately. This is only allowed for root in any case. (Or the cap as
you describe.)

-- Nathan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/