[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Adding entries to a directory

From: olafBuddenhagen
Subject: Re: Adding entries to a directory
Date: Tue, 17 Nov 2009 20:55:38 +0100
User-agent: Mutt/1.5.19 (2009-01-05)


On Tue, Nov 17, 2009 at 01:15:59PM +0100, Carl Fredrik Hammar wrote:

> If run by any other user then it can only recreate the intersection of
> credentials between unionfs and the client.  This isn't ideal, but it
> does ensure that unionfs doesn't accidentally grant the client any new
> permissions by mistake.

Actually I think this is just right... Whenever a client accesses a
resource through a translator, it should be restricted not only by its
own access, but also the translator's access.

It is actually a problem that this policy is not followed whenever an
intermediate translator hands out a "real" port to another translator,
and the client reauthenticates it. (The so-called "firmlink problem".)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]