kinit issue
Russ Allbery
rra at stanford.edu
Tue Aug 30 20:01:40 EDT 2005
"prashant sodhiya" <prashant_sodhiya at rediffmail.com> writes:
> In MIT kerberos a "kinit" creates a credential file in /tmp, which is a
> world-writable directory.
> $ ls -l /
> drwxrwxrwt 9 bin bin 3584 Aug 30 15:07 tmp
> I feel it can lead to Denial of Service attack if some other user can
> create a credential file as that of a valid kerberos user. Is it true
> in MIT kerberos?
If you insist on one particular name for a ticket cache, then yes, someone
could create a file with that name and deny you the use of that name. To
avoid this, don't insist on one particular name for a ticket cache but
instead create the ticket cache with mkstemp or a similar routine.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list