[16086] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

[krbdev.mit.edu #8717] racecondition in posix platformAccess code

daemon@ATHENA.MIT.EDU (Dhiraj Mishra via RT)
Thu Jul 26 12:50:19 2018

Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Dhiraj Mishra via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8717@krbdev.mit.edu>
Message-ID: <rt-8717-48725.5.02393248033748@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8717'":;
Date: Thu, 26 Jul 2018 12:50:12 -0400 (EDT)
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu

Dear Team,

File: localauth_k5login.c#L110

I believe this indicates a security flaw, If an attacker can change
anything along the path between the call access() and the files actually
used, attacker may exploit the race condition or a time-of-check,
time-of-use race condition, request team to please have a look and
validate.


Thank you

-- 
Regards

*Dhiraj Mishra.*GPG ID :  51720F56   |  Finger Print : 1F6A FC7B 05AA CF29
8C1C  ED65 3233 4D18 5172 0F56

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs

home help back first fref pref prev next nref lref last post