[480] in Kerberos
Re: bugs in ext_srvtab.c
daemon@TELECOM.MIT.EDU (Jon Rochlis)
Sat Aug 6 19:01:09 1988
From: Jon Rochlis <jon@ATHENA.MIT.EDU>
To: jb%cs.brown.edu@RELAY.CS.NET
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: jb%cs.brown.edu@RELAY.CS.NET's message of Sat, 06 Aug 88 07:55:42 -0400,

   From: jb%cs.brown.edu@RELAY.CS.NET
   Date: Sat, 06 Aug 88 07:55:42 -0400

   A second problem is that the srvtab
   created has bad permissions. When I ran the program, the srvtab was
   readable by everyone on the machine. It should be readable by only root
   for security reasons.

Just a minor point here. I have no problem with the umask change you
made, but remember that root may very well not be the person running
ext_srvtab. After all, you only need read access to the dir and pag
files. While you probably don't want many user accounts on your
kerberos master, you might have a few. (I might want an account so I
could have read-access to the database, but not write. Limit the
damage I could do unless I explicitly chose to log in as root. Unix
generally loses in making you spend too much time logged in as root in
any case.)
-- Jon
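
The permission issue discussed in this thread, as an added example (not ext_srvtab's code and not part of either message): a key file whose mode is left to the process umask, next to one created owner-only for whichever account runs the tool, root or not. The function names and the sample key string are constructed for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for key material; not a real srvtab record. */
static const char SAMPLE_KEY[] = "constructed-sample-key";

/* Permission bits of path, or -1 if it cannot be stat'ed. */
int file_mode(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Umask-dependent creation: fopen() requests 0666 and the umask trims it. */
int write_key_fopen(const char *path)
{
    FILE *f;
    int ok;
    unlink(path);
    if ((f = fopen(path, "w")) == NULL)
        return -1;
    ok = fwrite(SAMPLE_KEY, 1, sizeof SAMPLE_KEY - 1, f) == sizeof SAMPLE_KEY - 1;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

/* Owner-only creation: 0600 for whoever runs the tool, root or not. */
int write_key_private(const char *path)
{
    ssize_t len = (ssize_t)(sizeof SAMPLE_KEY - 1);
    int fd, ok;
    unlink(path);
    /* O_EXCL: fail rather than write into a file someone else pre-created. */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    /* fchmod pins the mode to exactly 0600, whatever the umask is. */
    ok = fchmod(fd, 0600) == 0 && write(fd, SAMPLE_KEY, len) == len;
    if (close(fd) != 0 || !ok) {
        unlink(path);
        return -1;
    }
    return 0;
}
```

With a typical umask of 022 the first function leaves the file at 0644, readable by every local account; the second yields 0600 under any umask.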