ccache using linux keyring

Ken Hornstein kenh at
Thu Apr 14 11:09:18 EDT 2005

>I don't know anything about the Linux keyring, but I'd like to see a 
>kernel credential cache which by default can only be accessed by 
>processes descended from the one that created it, or (optionally) 
>descended from the parent of that process, like the AFS token cache is 
>after setpag().  This would add some resistance against a user-level 
>breakin propagating to everywhere the credentials are authorized.

<aol>Me too!</aol>  (I developed one already, but it's got plenty of
problems, and if it was provided by the kernel, it sure would work


More information about the krbdev mailing list