[2212] in Kerberos-V5-bugs


Re: security hole in v4 and v5 login?

daemon@ATHENA.MIT.EDU (schemers@stanford.edu)
Mon Sep 9 19:17:59 1996

Date: Mon, 9 Sep 1996 16:17:46 -0700 (PDT)
From: schemers@stanford.edu
To: Sam Hartman <hartmans@MIT.EDU>
Cc: schemers@stanford.edu, krb5-bugs@MIT.EDU
In-Reply-To: <tsld8zv7532.fsf@tertius.mit.edu>

Sam Hartman writes:
> >>>>> "schemers" == schemers  <schemers@stanford.edu> writes:
> 
> 	I tend to agree with you that the particular section of code
> you quote could use some re-writing, but I disagree that there is a
> race condition if the sticky bit is set on /tmp.  If the sticky bit is
> set, only root can unlink the cache.  If you're already root, we don't
> care if you mangle /etc/passwd.
> 
> 	If you run Kerberos in an environment where your cache
> directory doesn't have a sticky bit set, you are likely to run into
> more significant problems.  
> 

Ah yes, I think you're right. I was also thinking about the case where
the cache file already exists and is owned by the user. It looks like V5
cred-cache code unlinks it first though.

thanks, roland
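The two properties this exchange relies on, as an added example in C that is not code from the thread or from the MIT Kerberos distribution: the cache directory must carry the sticky bit (so only the owner or root can unlink entries in it), and the cache file is created by unlink followed by an O_EXCL|O_NOFOLLOW open so that nothing already sitting at that path is reused. The function names, the 0600 mode and the constructed /tmp sample directory are this example's own assumptions.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path is a directory with the sticky bit set, else 0 (0 on error). */
int dir_is_sticky(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    return (st.st_mode & S_ISVTX) ? 1 : 0;
}

/* Create a fresh 0600 cache file at path. A pre-existing file is unlinked
 * first (in a sticky directory only its owner or root can do that), and the
 * open refuses to reuse or follow anything that appears in between.
 * Returns an open descriptor or -1. */
int create_cache_file(const char *path)
{
    (void)unlink(path);                        /* ENOENT is fine here */
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Walk the scenario in a constructed temp dir: 0 means every step behaved
 * as expected, otherwise the number of the step that failed. */
int run_demo(void)
{
    char dir[] = "/tmp/cc-example-XXXXXX";    /* constructed sample path */
    char cache[64];
    int fd, rc = 0;
    if (mkdtemp(dir) == NULL) return 1;
    snprintf(cache, sizeof cache, "%s/krb5cc_example", dir);
    if (dir_is_sticky(dir) != 0) rc = 2;       /* mkdtemp creates 0700 */
    else if (chmod(dir, 0700 | S_ISVTX) != 0) rc = 3;
    else if (dir_is_sticky(dir) != 1) rc = 4;  /* sticky bit now set */
    else if ((fd = create_cache_file(cache)) < 0) rc = 5;
    else {                                     /* stale cache is replaced */
        close(fd);
        if ((fd = create_cache_file(cache)) < 0) rc = 6; else close(fd);
    }
    unlink(cache);
    rmdir(dir);
    return rc;
}

int main(void)
{
    printf("demo result: %d (0 = ok)\n", run_demo());
    return 0;
}
```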

