ccache using linux keyring
Ken Hornstein
kenh at cmf.nrl.navy.mil
Thu Apr 14 11:09:18 EDT 2005
>I don't know anything about the Linux keyring, but I'd like to see a
>kernel credential cache which by default can only be accessed by
>processes descended from the one that created it, or (optionally)
>descended from the parent of that process, like the AFS token cache is
>after setpag(). This would add some resistance against a user-level
>break-in propagating to everywhere the credentials are authorized.
<aol>Me too!</aol> (I developed one already, but it's got plenty of
problems, and if it was provided by the kernel, it sure would work
better).
--Ken