[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bad interraction between krb5_context and krb5_ccache

On Fri, Nov 17, 2000 at 09:03:32PM +1100, Brian May wrote:
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@ubsw.com> writes:
>     Nicolas> Sortof. The MIT Kerberos apps (e.g., telnetd) create a
>     Nicolas> ccache as root with a name based on the PID, then
> I have to wonder: what security holes does this create?

Well, yes, it's a problem; open() nowadays mode options that allow one
to avoid the symlink issue. But I doubt it's taken advantage of in MIT
code, or that it's even available on most platforms.

> Brian May <bam@snoopy.apana.org.au>