Hello Samir,

On Thu, 4 Sep 2003, Samir Patel wrote:

> Say user A borrows user B's laptop to modify some files in user A's
> home directory.  Also assume that user B shouldn't have access to user
> A's files.

this scenario makes the user A totally dependent on the user B,
it is not a Coda fault.

B could have installed a keyboard sniffer or worse a program
that takes initiative as soon as user A authenticates herself,
and makes any operations as A, like copying files to a place accessible to
B or modifying them at B's discretion.

> Essentially, it appears that once a user has root access and is in
> disconnected mode, that user can do anything with cached Coda files.
> Isn't this bad?

Yes it is, but you cannot avoid trusting the hardware anyway, and in Unix
root is at the same level - you cannot avoid root, by any means.

Of course, a certain kind of situations like stolen laptop is more
pleasant when you do not have cached files. You have to choose - either
disconnected operation, or "no files locally".

There may be some solutions for cryptographical protection of the data,
residing in the cache, but we do not have one yet.

Cheers,
--
Ivan