Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262072AbVD1LgL (ORCPT ); Thu, 28 Apr 2005 07:36:11 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262063AbVD1LgK (ORCPT ); Thu, 28 Apr 2005 07:36:10 -0400 Received: from pat.uio.no ([129.240.130.16]:39389 "EHLO pat.uio.no") by vger.kernel.org with ESMTP id S262068AbVD1Lfs (ORCPT ); Thu, 28 Apr 2005 07:35:48 -0400 Subject: Re: [PATCH] private mounts From: Trond Myklebust To: Pavel Machek Cc: Miklos Szeredi , bulb@ucw.cz, hch@infradead.org, jamie@shareable.org, linuxram@us.ibm.com, 7eggert@gmx.de, Alexander Viro , Linux Filesystem Development , linux-kernel@vger.kernel.org, Andrew Morton In-Reply-To: <20050428082444.GK1906@elf.ucw.cz> References: <20050426201411.GA20109@elf.ucw.cz> <20050427092450.GB1819@elf.ucw.cz> <20050427115754.GA8981@vagabond> <20050427123944.GA11020@vagabond> <20050427145842.GD28119@elf.ucw.cz> <1114644116.9947.14.camel@lade.trondhjem.org> <20050428082444.GK1906@elf.ucw.cz> Content-Type: text/plain Date: Thu, 28 Apr 2005 07:35:17 -0400 Message-Id: <1114688117.10083.7.camel@lade.trondhjem.org> Mime-Version: 1.0 X-Mailer: Evolution 2.0.4 Content-Transfer-Encoding: 7bit X-UiO-Spam-info: not spam, SpamAssassin (score=-3.639, required 12, autolearn=disabled, AWL 1.31, FORGED_RCVD_HELO 0.05, UIO_MAIL_IS_INTERNAL -5.00) Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 973 Lines: 25 to den 28.04.2005 Klokka 10:24 (+0200) skreiv Pavel Machek: > Well, administrator on CLIENT can impersonate whoever he wants, and if > data happens to be cached, he can just read them from local memory. So > whatever SERVER administrator does, CLIENT administrator can work > around. This is why you have identity squashing and/or strong security: to stop the CLIENT administrator impersonating whoever he wants and working around your security measures. Yes there's all the FUD about how the administrator can still take over your RPCSEC_GSS creds and/or read cached data once you have logged in. If you log into a compromised client then you're screwed. What's new? Trond -- Trond Myklebust - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/