Hi,

On Tue, Nov 17, 2009 at 01:15:59PM +0100, Carl Fredrik Hammar wrote:

> If run by any other user then it can only recreate the intersection of
> credentials between unionfs and the client.  This isn't ideal, but it
> does ensure that unionfs doesn't accidentally grant the client any new
> permissions by mistake.

Actually I think this is just right... Whenever a client accesses a
resource through a translator, it should be restricted not only by its
own access, but also the translator's access.

It is actually a problem that this policy is not followed whenever an
intermediate translator hands out a "real" port to another translator,
and the client reauthenticates it. (The so-called "firmlink problem".)

-antrik-

