
Re: Ever onward



>>>>> On Wed, 04 Feb 2004 13:19:39 -0500, Eliot Lear <lear@cisco.com> said:

Eliot> To be fair it's not that big a deal to add <steal-lock>.  The issue
Eliot> will be that <steal-lock> itself introduces a set of attacks that
Eliot> would need to be defended against.  Its mere existence would force
Eliot> some sort of non-default authorization so that only a super-root could
Eliot> use it. Otherwise, the attack is as follows:

Eliot> Break into an account (any account with access privileges).
Eliot> Steal everyone's locks.
Eliot> Continue doing this until you get tired or they are able to identify
Eliot> the offending account.

Yep.  The steal-lock option came about during the interim meeting and
the suggestion was that it would be an operation only recommended to be
given to root-level administrators, and the lock option might be given
to low-levels instead.
-- 
"In the bathtub of history the truth is harder to hold than the soap,
 and much more difficult to find."  -- Terry Pratchett
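
The authorization split discussed in this thread, as an added example that is not part of the original messages or of any NETCONF specification: a toy lock manager in which steal-lock is denied unless a role grants it explicitly, with an audit trail that identifies accounts making repeated steal attempts. The role names, permission names, accounts, datastores and threshold are all assumptions made for illustration.

```python
from collections import Counter

# Hypothetical roles and permission names; not NETCONF protocol elements.
ROLE_PERMS = {
    "operator": {"lock"},                  # low-level: may take locks only
    "root-admin": {"lock", "steal-lock"},  # steal-lock is granted explicitly, never by default
}

class LockManager:
    def __init__(self, roles):
        self.roles = roles    # account -> role
        self.holders = {}     # datastore -> account holding the lock
        self.audit = []       # (account, operation, datastore, allowed)

    def _allowed(self, account, op):
        # Default deny: unknown accounts and unknown roles get no permissions.
        return op in ROLE_PERMS.get(self.roles.get(account), set())

    def lock(self, account, store):
        ok = self._allowed(account, "lock") and store not in self.holders
        if ok:
            self.holders[store] = account
        self.audit.append((account, "lock", store, ok))
        return ok

    def steal_lock(self, account, store):
        ok = self._allowed(account, "steal-lock") and store in self.holders
        if ok:
            self.holders[store] = account
        self.audit.append((account, "steal-lock", store, ok))
        return ok

def flag_lock_thieves(audit, threshold=3):
    """Return accounts with at least `threshold` steal-lock attempts, allowed or denied."""
    attempts = Counter(acct for acct, op, _, _ in audit if op == "steal-lock")
    return sorted(a for a, n in attempts.items() if n >= threshold)

def demo():
    # Constructed accounts and datastores for illustration.
    mgr = LockManager({"alice": "operator", "bob": "operator", "carol": "root-admin"})
    for store, owner in [("running", "alice"), ("candidate", "bob"), ("startup", "bob")]:
        mgr.lock(owner, store)
    # A compromised low-level account repeats steal-lock; every attempt is denied and logged.
    denied = [mgr.steal_lock("alice", s) for s in ("candidate", "startup", "running")]
    admin_ok = mgr.steal_lock("carol", "candidate")
    return denied, admin_ok, dict(mgr.holders), flag_lock_thieves(mgr.audit)

if __name__ == "__main__":
    print(demo())
```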
