[OpenAFS-devel] [LKML] Re: In-kernel Authentication Tokens (PAGs)

Tomas Olsson tol@stacken.kth.se
15 Jul 2004 21:40:57 +0200


Alexander Boström <abo@e.kth.se> writes:
> > If default PAGs are by uid, it might be possible to use root's PAG after
> > saying "default, please" and calling smth setuid.
>
> Our users don't get a PAG when they telnet to one of our hosts, so we've
> never had any real PAG "jail" to begin with. I doubt we really need one.
>
Good point.  Of course, any app accessing the wrong files in root's name is
seriously broken regardless of PAG behaviour.

Thanks.

/Tomas