[OpenAFS] Kerberos 5 cache in /tmp

Ken Hornstein kenh@cmf.nrl.navy.mil
Thu, 08 Apr 2004 11:31:08 -0400

>> True.  But that problem only occurs because the kernel code allows all  
>> memory to be read by "root".  It would be nice if all OS's has a  
>> "protected store" memory area who's sections could only be mapped to  
>> each authenticated user.  Don't ask me how...I just work here.
>Capabilities solve that problem.

We were batting around the idea of working on a capability-based system
last year.  There is one glaring problem: all of the capability-based
systems that are available today are all geared toward producing PhD
thesis rather than actually being useful.  I made the mistake once of
trying to use somebody's PhD thesis software in a real application; I
won't make that mistake again.  As always, YMMV.