[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why is KRB5CCNAME ignored if issuid?

21 jul 2007 kl. 20.39 skrev Michael B Allen:

> Hi,
> I see an issue with the following code:

The reason we check for issuid() is that suid tools
generally should not belive what the user because
the lower code doesn't open the file as the user instead
as setuid user.

Consider what would happen if you set KRB5CCFILE to
/vmlinuz and and the tool happily wrote down a krb5 cred
cache into the linux kernel.