[OpenAFS] File ownership/permissions semantics
Mon, 06 Nov 2006 12:18:49 -0500
"Christopher D. Clausen" <firstname.lastname@example.org> writes:
>> If you use the file ownership, not the name, to identify the student
>> then I don't see any chance for impersonation.
> Actually, I was just thinking about this...
> Couldn't a student handin their own homework and then create a huge
> number of random files to fill up all available directory entry slots,
> thus breaking the handin app for subsequent handin attempts? It would
> be obvious who this student was, but it could still be an annoyance.
This attack also already exists in the current implementation so it's
no worse in the new model than the existing model.
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available