[OpenAFS] Kerberos 5 cache in /tmp

Rodney M Dyer rmdyer@uncc.edu
Wed, 07 Apr 2004 18:58:11 -0400

At 06:26 PM 4/7/2004, you wrote:

>Not that an in-memory credential cache would make any difference in this 
>If you have root privs you can access it.  This is true on Windows as 
>well.  If
>you are SYSTEM you can do whatever you want.

True.  But that problem only occurs because the kernel code allows all 
memory to be read by "root".  It would be nice if all OS's has a "protected 
store" memory area who's sections could only be mapped to each 
authenticated user.  Don't ask me how...I just work here.


>Jeffrey Altman