[OpenAFS] Kerberos 5 cache in /tmp

Jenkins, Steven JENKINSS@mail.etsu.edu
Thu, 8 Apr 2004 11:33:11 -0400

What about SELinux?  It's moved beyond the PhD thesis stage IMO.


-----Original Message-----
From: openafs-info-admin@openafs.org
[mailto:openafs-info-admin@openafs.org] On Behalf Of Ken Hornstein
Sent: Thursday, April 08, 2004 11:31 AM
To: OpenAFS-info@openafs.org
Subject: Re: [OpenAFS] Kerberos 5 cache in /tmp=20

>> True.  But that problem only occurs because the kernel code allows=20
>> all
>> memory to be read by "root".  It would be nice if all OS's has a =20
>> "protected store" memory area who's sections could only be mapped to

>> each authenticated user.  Don't ask me how...I just work here.
>Capabilities solve that problem.

We were batting around the idea of working on a capability-based system
last year.  There is one glaring problem: all of the capability-based
systems that are available today are all geared toward producing PhD
thesis rather than actually being useful.  I made the mistake once of
trying to use somebody's PhD thesis software in a real application; I
won't make that mistake again.  As always, YMMV.

OpenAFS-info mailing list