Default ACLs for FILE: ccaches on Windows

Jeffrey Hutzelman jhutz at
Mon Jul 24 00:05:14 EDT 2006

On Sunday, July 23, 2006 11:22:52 AM -0400 Jeffrey Altman <jaltman at> 

> (2) copy the ACLs from the old ccache file before file deletion
>     and use them for the creation of the replacement file.

I think this is a bad idea.  If I can predict what filename you will use, I 
can create a file on which we both have full access, including delete.  If 
I guess correctly, then you will delete this file and create a new ccache 
on which I also have full access.

Unless you can protect against this, the ACL's should not be copied.

-- Jeff

More information about the krbdev mailing list