[krbdev.mit.edu #8717] racecondition in posix platformAccess code path
Dhiraj Mishra via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Thu Jul 26 12:50:12 EDT 2018
Dear Team,
File: localauth_k5login.c#L110
I believe this indicates a security flaw, If an attacker can change
anything along the path between the call access() and the files actually
used, attacker may exploit the race condition or a time-of-check,
time-of-use race condition, request team to please have a look and
validate.
Thank you
--
Regards
*Dhiraj Mishra.*GPG ID : 51720F56 | Finger Print : 1F6A FC7B 05AA CF29
8C1C ED65 3233 4D18 5172 0F56
More information about the krb5-bugs
mailing list