Quoting Derrick J Brashear <[EMAIL PROTECTED]>:
On Wed, 21 Mar 2007, ted creedon wrote:
Therefore, two cells could be used, one suid and the other for everything
else?
You could, but that's not going to prevent the attack unless you
ensure all access to the setuid cell is authenticated and enforce
that at the client end
Well, if everything in the suidcell is system:authuser... That would
enforce that, right?
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[EMAIL PROTECTED] PGP key available
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
