[1861] in Kerberos-V5-bugs


Re: k5: ksu

daemon@ATHENA.MIT.EDU (Christopher Provenzano)
Thu Apr 4 02:17:39 1996

Reply-To: proven@cygnus.com
To: Ken Raeburn <raeburn@cygnus.com>
Cc: krb5-bugs@MIT.EDU
In-Reply-To: Your message of "01 Apr 1996 03:38:15 EST."
             <tx1pw9s730o.fsf@kr-laptop.cygnus.com> 
Date: Wed, 03 Apr 1996 20:45:10 -0500
From: Christopher Provenzano <proven@proven.org>


> 
>    From: "Richard Basch" <basch@lehman.com>
>    Date: Wed, 27 Mar 1996 16:01:29 -0500
> 
>    This fails:
> 	   > kinit basch
> 	   ...
> 	   > ksu
> 	   Password for basch/root...
> 
> 	   > ksu
> 	   basch does not have correct permissions for /tmp/krb5cc_2782.2
> 
>    Basically, my credentials file changed ownership to root...
> 
> The ccache should not even briefly have its ownership changed; the
> user could be trying to use it in another window.  Chris was supposed
> to be working on fixing that for us Sunday, but I haven't talked to
> him.

The fix is to remove the call to krb5_ccache_refresh(). All it does is
go through the current ccache and remove expired tickets. Actually it
creates a new one and copies the good tickets to it and deletes the old
ccache. Since the program is suid root this of course creates the file
as root. Later ksu makes another ccache (so long as the use existing
ccache flag isn't set) again copying non-expired tickets to the new cache.
Does something sound a little redundant? I think so and so I removed the
offending code which fixed the problem.

CAP
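
The failure described in this message comes from a setuid-root process recreating a user's file, which leaves the new file owned by root. The following is an added example, not code from ksu or the krb5 library and not part of the original message: a sketch of how a privileged program can rewrite a file while keeping its original owner and mode. The function names `rewrite_keep_owner` and `owner_survives_rewrite` are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Replace `path` with `len` bytes of `data`, keeping the original owner and
 * mode even when the caller's effective uid is root. Returns 0 on success. */
int rewrite_keep_owner(const char *path, const void *data, size_t len)
{
    struct stat st;
    char tmp[4096];
    int fd;

    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;                       /* refuse symlinks and non-files */
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp)
        return -1;
    if ((fd = mkstemp(tmp)) < 0)         /* created 0600, owned by euid */
        return -1;

    /* Hand the new file to the original owner before it becomes visible
     * under the real name, so there is no root-owned window. */
    if (fchown(fd, st.st_uid, st.st_gid) != 0 ||
        fchmod(fd, st.st_mode & 07777) != 0 ||
        write(fd, data, len) != (ssize_t)len ||
        fsync(fd) != 0) {
        close(fd);
        unlink(tmp);
        return -1;
    }
    close(fd);
    if (rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Constructed self-check: 1 if owner and mode of `path` survive a rewrite. */
int owner_survives_rewrite(const char *path)
{
    struct stat before, after;
    if (stat(path, &before) != 0 || rewrite_keep_owner(path, "x", 1) != 0 ||
        stat(path, &after) != 0)
        return 0;
    return before.st_uid == after.st_uid && before.st_gid == after.st_gid &&
           (before.st_mode & 07777) == (after.st_mode & 07777);
}
```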

