[OpenAFS] Kerberos 5 cache in /tmp
Jenkins, Steven
JENKINSS@mail.etsu.edu
Thu, 8 Apr 2004 11:33:11 -0400
What about SELinux? It's moved beyond the PhD thesis stage IMO.
Steven
-----Original Message-----
From: openafs-info-admin@openafs.org
[mailto:openafs-info-admin@openafs.org] On Behalf Of Ken Hornstein
Sent: Thursday, April 08, 2004 11:31 AM
To: OpenAFS-info@openafs.org
Subject: Re: [OpenAFS] Kerberos 5 cache in /tmp=20
>> True. But that problem only occurs because the kernel code allows=20
>> all
>> memory to be read by "root". It would be nice if all OS's has a =20
>> "protected store" memory area who's sections could only be mapped to
>> each authenticated user. Don't ask me how...I just work here.
>>
>
>Capabilities solve that problem.
We were batting around the idea of working on a capability-based system
last year. There is one glaring problem: all of the capability-based
systems that are available today are all geared toward producing PhD
thesis rather than actually being useful. I made the mistake once of
trying to use somebody's PhD thesis software in a real application; I
won't make that mistake again. As always, YMMV.
--Ken
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info