porting CCAPI to UNIX
Russ Allbery
rra at stanford.edu
Wed May 9 16:56:12 EDT 2007
Nicolas Williams <Nicolas.Williams at sun.com> writes:
> On Wed, May 09, 2007 at 12:31:12PM -0700, Russ Allbery wrote:
>> AFS PAGs provide cross-session process isolation (well, not from root,
>> but that's a different matter). I was actually under the impression
>> that keyrings did as well.
> So processes in one of a user's sessions cannot trace the same user's
> processes in other sessions?
Basically, see Ken's message. I'm more worried about getting separation
by default and requiring a lot of hoop-jumping to grab keys from another
session. I don't really care that much about making it completely
impossible.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev
mailing list