On Aug 29, 2007, at 2:43 PM, Howard Chu wrote:
It sounds like you're happy with the inheritance model and don't need anything else. But again, your assertion that strict inheritance in the implementation guarantees secure usage is false.
"I'm happy with the inheritance model and don't need anything else." ;-) I could be convinced it's not good enough, but I'd need a good use case.
Don't confuse my assertion of what the properties *should* be with an assertion that it's what they really are for a real implementation. Likewise w.r.t. whether the intended properties are really sufficient for security in any specific real environment.
My point was that the PAG model is superior to Kerberos's FILE: ccache model. Also while setgroups() may not be sufficiently protected to really satisfy the model, it's at least harder than setenv.
------------------------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. [EMAIL PROTECTED], or [EMAIL PROTECTED] _______________________________________________ OpenAFS-devel mailing list OpenAFS-devel@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-devel
