Root privs with kerberos bug?

Sam Hartman hartmans at MIT.EDU
Mon Jun 10 06:23:36 EDT 2002

>>>>> "imc" == imc dl <imc_dl at> writes:

    imc> Does anybody have information concerning the following
    imc> security problem:

    imc> - - - - - - Kerberos security problems

    imc> There has been discovered a security-hole in kerberized rsh,
    imc> rcp and rlogin.

    imc> Everyone who has setuid-bits set on these applications is
    imc> advised to disable them.  The hole allows any user on the
    imc> system to gain privileges of any other user including root.

I cannot speak for KTH or Heimdal, but setting setuid bits on rsh or
rcp or rlogin from the MIT release would be an incredibly bad idea.
The Kerberos r-cmds do not need setuid privileges and thus are not
coded assuming they will be setuid.  No attempt at all has been made
in these applications to work in environments where the setuid bits
are set.  Our install procedure does not set these bits.

In short, if you modify the MIT code and add setuid bits to
applications that should not have them, you will very likely create
significant security holes.  Don't do that.  We also recommend not
setting your password to password or posting your KDC database and
master key file to alt.2600. ;-)
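
An added example (not part of the original message, nor code from MIT, KTH or Heimdal): a read-only shell check that lists any rsh, rcp or rlogin binary carrying the setuid bit under the directories you name, so the bit can be removed. The function names and the directory arguments are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit for setuid bits on Kerberos r-command clients.
# Function names are hypothetical; pass the directories where your
# Kerberos build installs rsh, rcp and rlogin as arguments.

# Print the path of every regular file named rsh, rcp or rlogin under
# the given directories that has the setuid bit (mode 4000) set.
# Directories that do not exist are skipped silently.
find_setuid_rcmds() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f \
            \( -name rsh -o -name rcp -o -name rlogin \) \
            -perm -4000 -print
    done
}

# Report findings with owner and mode, plus the command that clears the
# bit. Returns 0 when nothing is setuid, 1 when at least one binary is.
audit_rcmds() {
    found=$(find_setuid_rcmds "$@")
    if [ -z "$found" ]; then
        echo "OK: no setuid rsh, rcp or rlogin found"
        return 0
    fi
    echo "$found" | while IFS= read -r f; do
        ls -ld "$f"
        echo "  fix: chmod u-s $f"
    done
    return 1
}

# Run the audit only when directories are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_rcmds "$@"
fi
```

The owner column in the `ls -ld` output matters: a setuid binary owned by root is the case the quoted advisory describes.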
