[16087] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

[krbdev.mit.edu #8717] racecondition in posix platformAccess code

daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Thu Jul 26 12:58:12 2018

Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Greg Hudson via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8717@krbdev.mit.edu>
Message-ID: <rt-8717-48726.17.9723558085817@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8717'":;
Date: Thu, 26 Jul 2018 12:58:07 -0400 (EDT)
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu

How would an attacker gain access to the path to a user's home 
directory?  The path to .k5login can alternatively be configured via 
[libdefaults] k5login_directory, but it seems very unlikely that an 
administrator would set that path to something underneath /tmp or 
similar.

Also, what would be the adverse security impact of making the .k5login 
appear to exist at one moment but then be unopenable when the code 
tries to open it?  It seems like that would just cause the localauth 
operation to deny access.

I moderated this through because I don't think there is actually a 
security issue, but please use krbcore-security@mit.edu to report bugs 
which you believe are exploitable.
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs

home help back first fref pref prev next nref lref last post