[OpenAFS] Kerberos 5 cache in /tmp

Kris Van Hees aedil-afs@alchar.org
Wed, 7 Apr 2004 23:07:46 -0400


On Wed, Apr 07, 2004 at 07:50:30PM -0700, John Rudd wrote:
> Capabilities solve that problem.  With a capability OS, all OS objects  
> (processes, files, directories, device drivers, etc.) are distinct  
> entities that have a unique identity and a unique set of  
> "capabilities".  The capability is like an ACL, in that it specifies  
> exactly what each other object is or isn't allowed to do to that  
> object.  In a combination of OO and AFS thinking, think of it like  
> every object has a token, and instead of an AFS-like defined set of ACL  
> attributes, every method for that object ("read", "write", "open",  
> "delete", "send", "encrypt", "decrypt", etc.) has a list of other  
> objects that may or may not use that method.

Either way, as long as you have the ability to compile and install your own
kernel, there isn't anything that can be done, because you can always slip
code into that kernel that defeats the very protections that were part of the
design of that same kernel.  If you have that power over the local machine,
you literally have complete power over it.  Nothing can prevent that.

Of course, that means that you simply have to do anything possible to prevent
people from being able to use their own kernels on their local machines, e.g.
by providing netboot kernels, and some form of authentication with the servers
to establish a trust relationship between the client machine and the servers.
Once the servers know that the client machine runs a trusted kernel, you are in
business.

> (I've also had the plan-9 people tell me that they think of their file  
> name space to effectively be a capability system, in that being able to  
> name an object is the same as being able to use/access it, so if you  
> don't want your inheritors to access you, you remove yourself from  
> their name space ... but it's not a strict one, because they can  
> essentially add you back without your being able to deny that)

Well, Plan9 is a whole other concept :)  Almost everything is done in just a
bit different of a way compared to the rest of the world.  It's a nice system
though.  I'd go more in detail on your comment, but I think that would take us
*way* out of context in this discussion.

	Kris