[OpenAFS] token security

David Bear David.Bear@asu.edu
Wed, 20 Feb 2002 14:34:08 -0700 (MST)


Something I noticed about tokens on linux and I'm not sure if it should be
a security issue or not.

Here's what I did on Caldera OL (red hat derivative)

from kde -- open a shell, then klog
log out of kde
log back in -- cache manager still has the tokens


Now, perhaps I'm thinking too microsoft here, but I assumed that when you
log out of kde, then all processes owned by that login context would be
dropped, including the tokens obtained during that session.  This is what
NT does, isn't it?  (an nt/win2k user can log out, then log back in, and
the token is safely 'gone')

What precautions are available to prevent token stealing from linux/kde?


-- 
David Bear
College of Public Programs/ASU
480-965-8257
...the way is like water, going where nobody wants it to go