On Mon, 18 Jan 2010 15:11:25 -0500 Derrick Brashear <[email protected]> wrote:
> If you're bored, you can read every FID you can read. Just read them > one at a time, starting with 1. My intuition tells me OpenAFS' fileserver abort threshold would make this take longer, too. > Don't want to let someone read something? There are these ACLs.... > set them. I agree, but >>>> That's something I think might be worth documenting as a security >>>> concern (and plenty of other similar cases). documenting explicitly 'removing l doesn't remove all rights in descendants' is probably a good idea. I'm not aware of anywhere we suggest otherwise, but people tend to think that anyway. It's hard enough to get people not to trust ACLs in "parent" volumes because they don't realize volumes could be mounted from anywhere. -- Andrew Deason [email protected] _______________________________________________ AFS3-standardization mailing list [email protected] http://michigan-openafs-lists.central.org/mailman/listinfo/afs3-standardization
