The ability to share sensitive information is a key necessity for today's distributed enterprise applications. This paper presents a kernel-level mechanism for controlling the exchanges of sensitive data, termed Protected Data Paths. The mechanism permits only machines with suitable credentials to cache and manipulate protected data, and it gives protection domains access to such data only as per their rights specified in the capabilities they possess. Our implementation of Protected Data Paths in Linux operates by creating protected communication channels between participating machines. Path establishment requires such machines' kernel domains to have suitable credentials. Data transferred via such paths is made available to application-level domains only as per their current data access capabilities, guaranteed by kernellevel supervision of such data accesses.