Re: Bad interaction between krb5_context and krb5_ccache
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@ubsw.com> writes:

Nicolas> Sort of. The MIT Kerberos apps (e.g., telnetd) create a
Nicolas> ccache as root with a name based on the PID, then

I have to wonder: what security holes does this create?

i.e., normally creating a file with a predictable name under /tmp is
frowned upon for security reasons; however, all automatically generated
ccache names are very predictable.

At the very minimum, I could imagine a denial of service attack (a
user creates a dummy ccache file so another user can't obtain a
ticket); at the worst, a race condition probably exists with sym-links
(I can't remember the details, but I know people have complained about
similar problems in other programs).
--
Brian May <bam@snoopy.apana.org.au>
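
The two concerns raised in this message, a file already sitting at the predictable name and a symlink planted there, are what exclusive creation guards against. The C example below is added here and is not code from the post or from MIT Kerberos; the helper names, the `krb5cc_p1234` file name and the scratch directory are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create a cache file at a predictable path.
 * With O_CREAT|O_EXCL, open() fails (POSIX: EEXIST) if the name already
 * exists, symlinks included, so a planted entry is never written through. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Hypothetical helper: mkstemp() replaces the trailing XXXXXX with a
 * random suffix and creates the file exclusively with mode 0600. */
int create_unpredictable(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Constructed scenario in a private scratch directory: a symlink already
 * occupies the predictable name. Returns 0 when every check holds. */
int demo(void)
{
    char dir[] = "/tmp/ccdemoXXXXXX", victim[64], pred[64], tmpl[64];
    struct stat st;
    int rc = 1, fd;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(pred, sizeof pred, "%s/krb5cc_p1234", dir);
    snprintf(tmpl, sizeof tmpl, "%s/krb5cc_XXXXXX", dir);
    if (symlink(victim, pred) != 0) goto out;

    /* Occupied predictable name: creation is refused, link not followed. */
    fd = create_exclusive(pred);
    if (fd != -1) { close(fd); goto out; }
    if (stat(victim, &st) == 0) goto out;  /* link target must not exist */

    /* Random name: creation succeeds as a regular, owner-only file. */
    fd = create_unpredictable(tmpl);
    if (fd == -1) goto out;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
        (st.st_mode & 0777) == 0600) rc = 0;
    close(fd);
out:
    unlink(pred); unlink(victim); unlink(tmpl); rmdir(dir);
    return rc;
}
```

Exclusive creation turns the symlink case into a clean failure, but the caller still cannot obtain a cache at the occupied predictable name, which is the denial of service described above; only the random name avoids that.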