[24560] in Kerberos

home help back first fref pref prev next nref lref last post

Re: kinit issue

daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue Aug 30 20:13:30 2005

From: Russ Allbery <rra@stanford.edu>
Date: Tue, 30 Aug 2005 17:01:40 -0700
Message-ID: <87acizrn2z.fsf@windlord.stanford.edu>
To: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu

"prashant sodhiya" <prashant_sodhiya@rediffmail.com> writes:

> In MIT kerberos a "kinit" creates a credential file in /tmp, which is a
> world-writable directory.

> $ ls  -l  /
> 	drwxrwxrwt   9 bin      bin            3584 Aug 30 15:07 tmp

> I feel it can lead to Denial of Service attack if some other user can
> create a credential file as that of a valid kerberos user.  Is it true
> in MIT kerberos?

If you insist on one particular name for a ticket cache, then yes, someone
could create a file with that name and deny you the use of that name.  To
avoid this, don't insist on one particular name for a ticket cache but
instead create the ticket cache with mkstemp or a similar routine.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post