[24560] in Kerberos
Re: kinit issue
daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue Aug 30 20:13:30 2005
From: Russ Allbery <rra@stanford.edu>
Date: Tue, 30 Aug 2005 17:01:40 -0700
Message-ID: <87acizrn2z.fsf@windlord.stanford.edu>
To: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
"prashant sodhiya" <prashant_sodhiya@rediffmail.com> writes:
> In MIT kerberos a "kinit" creates a credential file in /tmp, which is a
> world-writable directory.
> $ ls -l /
> drwxrwxrwt 9 bin bin 3584 Aug 30 15:07 tmp
> I feel it can lead to Denial of Service attack if some other user can
> create a credential file as that of a valid kerberos user. Is it true
> in MIT kerberos?
If you insist on one particular name for a ticket cache, then yes, someone
could create a file with that name and deny you the use of that name. To
avoid this, don't insist on one particular name for a ticket cache but
instead create the ticket cache with mkstemp or a similar routine.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos