On Fri, Apr 29, 2005 at 05:31:26PM +0100, Gordon, JC (John) wrote:
> I seem to remember it assumes a common uid/gid domain. That is its
> security, There was talk of adding GSI again though.
Although it's been a while since i last looked at rfio here is how it
works:
The client sends a uid/gid and the server simply uses that uid/gid for
file access. It's *trivial* to abuse, you just send a different uid.
Kostas
|