[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bad interraction between krb5_context and krb5_ccache
On Fri, Nov 17, 2000 at 09:03:32PM +1100, Brian May wrote:
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@ubsw.com> writes:
> Nicolas> Sortof. The MIT Kerberos apps (e.g., telnetd) create a
> Nicolas> ccache as root with a name based on the PID, then
> I have to wonder: what security holes does this create?
Well, yes, it's a problem; open() nowadays mode options that allow one
to avoid the symlink issue. But I doubt it's taken advantage of in MIT
code, or that it's even available on most platforms.
> Brian May <email@example.com>