
Re: Why is KRB5CCNAME ignored if issuid?



On Sun, 22 Jul 2007 14:36:32 -0500
Love Hörnquist Åstrand <lha@kth.se> wrote:

> 
> On 21 Jul 2007 at 20:39, Michael B Allen wrote:
> 
> > Hi,
> >
> > I see an issue with the following code:
> 
> The reason we check for issuid() is that suid tools
> generally should not believe what the user because
> the lower code doesn't open the file as the user instead
> as setuid user.
> 
> Consider what would happen if you set KRB5CCFILE to
> /vmlinuz and the tool happily wrote down a krb5 cred
> cache into the linux kernel.

Hi Love,

Would it help if issuid() was smart enough to distinguish between an
suid program that escalates the user's privileges and the seteuid(2)
scenario where the user gives away privileges?

If your real uid is root and the effective uid is 'nobody' then shouldn't
it be ok to write to the FS as 'nobody'?

Mike

-- 
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/
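
The distinction discussed in this message, as an added example that is not part of the original thread and is not Heimdal's issuid(): it separates a process whose ids were never switched, one running with elevated effective ids, and a root process running with a lesser effective uid, and only takes KRB5CCNAME from the environment when policy allows. All names (`classify_ids`, `select_ccname`, `DEFAULT_CC`) and the fallback path are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names throughout; this is not Heimdal's issuid(). */
enum id_state { IDS_PLAIN, IDS_ELEVATED, IDS_DROPPED };

/* Constructed fallback used when the environment is not trusted. */
static const char DEFAULT_CC[] = "FILE:/tmp/krb5cc_default";

/* Classify a process from its real and effective ids. */
static enum id_state classify_ids(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    if (ruid == euid && rgid == egid)
        return IDS_PLAIN;        /* no id switch at all */
    if (ruid == 0 && euid != 0)
        return IDS_DROPPED;      /* real root running with a lesser euid */
    return IDS_ELEVATED;         /* anything else is treated conservatively:
                                    effective ids may grant access the
                                    invoking user lacks */
}

/*
 * Pick the cache name. env_value is the caller-supplied KRB5CCNAME (may be
 * NULL). trust_when_dropped is the policy switch for the seteuid(2) case:
 * file access is then checked against the lesser effective uid, but the
 * saved set-user-ID may still let the process regain root later.
 */
static const char *select_ccname(enum id_state st, const char *env_value,
                                 int trust_when_dropped)
{
    int trusted = (st == IDS_PLAIN) ||
                  (st == IDS_DROPPED && trust_when_dropped);
    if (trusted && env_value != NULL && env_value[0] != '\0')
        return env_value;
    return DEFAULT_CC;
}

int main(void)
{
    enum id_state st = classify_ids(getuid(), geteuid(), getgid(), getegid());
    printf("state=%d ccache=%s\n", (int)st,
           select_ccname(st, getenv("KRB5CCNAME"), 0));
    return 0;
}
```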