Re: PIPE ccache implementation for Heimdal

["Ken Hornstein (Contractor)" <kenh@cmf.nrl.navy.mil>]

>Unfortunately I've only tested kinit, klist and kdestroy because I don't
>have access to the necessary kerberized services like rcp and such. I
>was just curious as to how this worked in general and I won't be using
>it in the near future (it still doesn't solve my web server scenario
>since a mischievous user can easily find the said descriptor and access
>the ccache).

Um, that is not correct (that was the whole point of the PIPE cache).
How could a mischievous user get access to that descriptor if they are
not one of the descendants of the original process?  While the PIPE
descriptor does appear in /proc for the processes on some operating
systems, when I looked at that you couldn't actually use descriptors
created by socketpair() for anything.

Now if your concern is processes WITHIN the ancestry hierarchy of the
master process, well, I can't imagine a credential cache that could
possibly solve that problem.

--Ken