Not really. The user must get a file descriptor for the key, by opening the file in keyfs (which requires access under keyfs permissions), or by receiving one from a process that sends it one. Such a key can be completely revoked by the sending process at any time, and can be set to only provide whatever permissions are needed.
So, the "label" we use to mark connections, cached rights data, etc. cannot simply be the value of the key blob. It needs to be something the user cannot simply set to whatever he wants.
The user can set it to whatever he wants, so long as he already has it. If the user is never given a handle to the key, and keyfs is never mounted or has too-strict permissions, then he can't assign himself somebody else's keys.
Sure he can, if he can "guess" the value of a currently in-use "pagnum" he can join it by allocating a new key and assigning it the "guessed" value. I guess the thing here is that "what pag the process is in" needs to be secret with this implementation, and yet in certain cases (arlad) one or more "privileged" processes must know the "pagnum" value for every process on the system (so that it can issue network requests on that process's behalf).
-Matt
Cheers, Kyle Moffett
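A small model of the two labelling designs argued over in the exchange above, added here as an example that is not part of the thread or of OpenAFS/keyfs; the Kernel class, the pid numbers and the hex "handle" strings are assumptions standing in for a kernel PAG table and key file descriptors:

```python
# Constructed model of the two PAG-labelling designs argued over in this thread;
# it is an illustration, not OpenAFS or keyfs code.
import secrets

class Kernel:
    def __init__(self):
        self._handles = {}  # opaque handle -> pag id; only the kernel sees this
        self.pag_of = {}    # pid -> pag id; a privileged daemon (arlad) may read it

    # Design 1: the label is a number that a process sets on itself.
    def setpag_by_number(self, pid, pagnum):
        self.pag_of[pid] = pagnum

    # Design 2: the label is a kernel-minted handle (like a key file descriptor).
    def newpag(self, pid):
        pag = len(self._handles) + 1    # the pag id may be small and publicly known...
        handle = secrets.token_hex(16)  # ...because only the handle grants membership
        self._handles[handle] = pag
        self.pag_of[pid] = pag
        return handle

    def setpag_by_handle(self, pid, handle):
        if handle not in self._handles:  # nothing lets a process join by pag id alone
            return False
        self.pag_of[pid] = self._handles[handle]
        return True

    def revoke(self, handle):
        self._handles.pop(handle, None)  # the sender can cut off any further joins

    def same_pag(self, a, b):
        return a in self.pag_of and self.pag_of[a] == self.pag_of.get(b)

def guessable_design():
    # pid 2 joins pid 1's PAG simply by using the same number.
    k = Kernel()
    k.setpag_by_number(pid=1, pagnum=42)
    k.setpag_by_number(pid=2, pagnum=42)
    return k.same_pag(1, 2)  # True

def handle_design():
    # Knowing the pag id is useless; only a handed-over, unrevoked handle works.
    k = Kernel()
    h = k.newpag(pid=1)
    by_guess = k.setpag_by_handle(pid=2, handle=format(k.pag_of[1], "032x"))  # False
    k.setpag_by_handle(pid=2, handle=h)     # explicit hand-off from pid 1
    by_handoff = k.same_pag(1, 2)           # True
    k.revoke(h)
    after_revoke = k.setpag_by_handle(pid=3, handle=h)  # False: handle was revoked
    return by_guess, by_handoff, after_revoke
```

Note that revoking the handle only stops further joins; pid 2, already admitted, keeps its PAG membership, which matches the "revoked by the sending process at any time" semantics for the key rather than for existing members.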
_______________________________________________ OpenAFS-devel mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-devel