Default ACLs for FILE: ccaches on Windows
Jeffrey Hutzelman
jhutz at cmu.edu
Mon Jul 24 00:05:14 EDT 2006
On Sunday, July 23, 2006 11:22:52 AM -0400 Jeffrey Altman <jaltman at mit.edu>
wrote:
> (2) copy the ACLs from the old ccache file before file deletion
> and use them for the creation of the replacement file.
I think this is a bad idea. If I can predict what filename you will use, I
can create a file on which we both have full access, including delete. If
I guess correctly, then you will delete this file and create a new ccache
on which I also have full access.
Unless you can protect against this, the ACL's should not be copied.
-- Jeff
More information about the krbdev
mailing list