[OpenAFS] Kerberos 5 cache in /tmp

Rodney M Dyer rmdyer@uncc.edu
Wed, 07 Apr 2004 20:21:44 -0400

At 07:17 PM 4/7/2004, you wrote:
>Thus spake Rodney M Dyer (rmdyer@uncc.edu):
> > True.  But that problem only occurs because the kernel code allows all
> > memory to be read by "root".  It would be nice if all OS's has a
> > "protected store" memory area who's sections could only be mapped to
> > each authenticated user.
>And who compiles and installes the kernel?
>Wasn't it -- root?

Ok, I guess I was asking for that one.  :(

How about...  On an OS that has a "protected store", even root isn't 
allowed to install a kernel.  The only people who can install kernels are 
the people who have the firmware passwords for the machines?  Will that work?