in Kerberos-V5-bugs
[krbdev.mit.edu #8717] racecondition in posix platformAccess code
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Thu Jul 26 12:58:12 2018
From: "Greg Hudson via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8717'":;
Date: Thu, 26 Jul 2018 12:58:07 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
How would an attacker gain access to the path to a user's home
directory? The path to .k5login can alternatively be configured via
[libdefaults] k5login_directory, but it seems very unlikely that an
administrator would set that path to something underneath /tmp or
Also, what would be the adverse security impact of making the .k5login
appear to exist at one moment but then be unopenable when the code
tries to open it? It seems like that would just cause the localauth
operation to deny access.
I moderated this through because I don't think there is actually a
security issue, but please use email@example.com to report bugs
which you believe are exploitable.
krb5-bugs mailing list