[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why is KRB5CCNAME ignored if issuid?

To: heimdal-discuss@sics.se, Michael B Allen <miallen@ioplex.com>
Subject: Re: Why is KRB5CCNAME ignored if issuid?
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Sun, 22 Jul 2007 14:36:32 -0500
In-Reply-To: <20070721213957.b196c455.miallen@ioplex.com>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <20070721213957.b196c455.miallen@ioplex.com>
Reply-To: heimdal-discuss@sics.se, Love Hörnquist Åstrand <lha@kth.se>


21 jul 2007 kl. 20.39 skrev Michael B Allen:

> Hi,
>
> I see an issue with the following code:

The reason we check for issuid() is that suid tools
generally should not belive what the user because
the lower code doesn't open the file as the user instead
as setuid user.

Consider what would happen if you set KRB5CCFILE to
/vmlinuz and and the tool happily wrote down a krb5 cred
cache into the linux kernel.

Love

Follow-Ups:
- Re: Why is KRB5CCNAME ignored if issuid?
  - From: Michael B Allen <miallen@ioplex.com>

References:
- Why is KRB5CCNAME ignored if issuid?
  - From: Michael B Allen <miallen@ioplex.com>

Prev by Date: Re: versioned symbols
Next by Date: Re: Why is KRB5CCNAME ignored if issuid?
Prev by thread: Why is KRB5CCNAME ignored if issuid?
Next by thread: Re: Why is KRB5CCNAME ignored if issuid?
Index(es):
- Date
- Thread