[OpenAFS-devel] Re: [PATCH] in-core AFS multiplexor and PAG support

[Neulinger, Nathan]

> > If someone obtains my user id on in any way (i.e. weak password/
> > bufferoverflow/ root exploit), he should not be allowed to=20
> use or access
> > my tokens as he hasn't proven his identity. In this case he=20
> would either
> > still be in his original process authentication group, or a new and
> > empty PAG. But definitely not in any of my authentication groups.
> >=20
> > Which is also why joining a PAG should never be allowed.
>=20
> Someone asked for it, but I suspect if allowed at all it may=20
> be best that this
> ability is governed by its own capability bit and also that=20
> the security
> interface should be consulted.

Definately. This is only allowed for root in any case. (Or the cap as
you describe.)

-- Nathan