
Re: Bad interaction between krb5_context and krb5_ccache

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@ubsw.com> writes:

    Nicolas> Sort of. The MIT Kerberos apps (e.g., telnetd) create a
    Nicolas> ccache as root with a name based on the PID, then

I have to wonder: what security holes does this create?

i.e., normally creating a file with a predictable name under /tmp is
frowned upon for security reasons, however all automatically generated
ccache names are very predictable.

At the very minimum, I could imagine a denial of service attack (a
user creates a dummy ccache file so another user can't obtain a
ticket), at the worst, a race condition probably exists with sym-links
(I can't remember the details, but I know people have complained about
similar problems in other programs).
Brian May <bam@snoopy.apana.org.au>
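
The two concerns raised in the message above (a name that is already occupied, and a symlink sitting at a predictable name) can be reproduced in a scratch directory. This is an added example, not part of the original post and not MIT Kerberos code; the `krb5cc_p1234` name, the helper names and the use of `mkstemp()` as the unpredictable-name alternative are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* mkdtemp, O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Creation at a predictable name without O_EXCL: follows a planted symlink. */
static int open_naive(const char *p) { return open(p, O_WRONLY | O_CREAT | O_TRUNC, 0600); }

/* O_EXCL makes creation atomic and fails if anything, even a symlink, holds the name. */
static int open_excl(const char *p) { return open(p, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600); }

/* Constructed scenario inside a private scratch directory.
 * Returns a bitmask: 1 = naive open truncated the symlink target,
 * 2 = exclusive open refused the occupied name, 4 = mkstemp() gave a fresh file. */
int run_demo(void) {
    char dir[] = "/tmp/ccdemoXXXXXX", victim[64], cc[64], rnd[64];
    struct stat st;
    int fd, result = 0;

    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(cc, sizeof cc, "%s/krb5cc_p1234", dir);      /* constructed PID-style name */
    snprintf(rnd, sizeof rnd, "%s/krb5cc_XXXXXX", dir);   /* unpredictable suffix */

    fd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "data", 4) != 4) return -1;
    close(fd);
    if (symlink(victim, cc) != 0) return -1;              /* name already occupied */

    fd = open_excl(cc);
    if (fd < 0) result |= 2; else close(fd);

    fd = open_naive(cc);
    if (fd >= 0) { close(fd); if (stat(victim, &st) == 0 && st.st_size == 0) result |= 1; }

    fd = mkstemp(rnd);
    if (fd >= 0) { result |= 4; close(fd); unlink(rnd); }

    unlink(cc); unlink(victim); rmdir(dir);
    return result;
}

int main(void) { printf("result mask: %d\n", run_demo()); return 0; }
```

The exclusive open turns the symlink case into a clean failure, but the occupied name still blocks creation, so the denial-of-service concern only goes away when the name itself is unpredictable or lives in a directory other users cannot write to.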