[krbdev.mit.edu #8651] profile library may try to reread from special device files
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Mon Mar 19 10:38:54 EDT 2018
I think I was wrong about stat("/dev/fd/NN") returning the current
time as mtime for a pipe. I think to manifest this problem, kinit
has to initially open() and stat() the profile before printf has
finished writing to the pipe. (It will then block reading the data
from printf, but it already recorded the timestamp, and it doesn't
stat() again afterwards.) That's much less likely than the clock
second rolling over between profile_init and profile_get.
I was able to produce a failure using many repeated invocations of
KRB5_KDC_PROFILE=<(printf ...) kinit -k -t KDB:, but it took a long
time. To produce a failure in just one try, I wrote a simple test
program:
int
main(int argc, char **argv)
{
profile_t profile;
char *str;
if (profile_init_path(argv[1], &profile) != 0)
abort();
if (profile_get_string(profile, "a", "b", NULL, "no", &str) != 0)
abort();
printf("%s\n", str);
profile_release_string(str);
return 0;
}
and ran it with:
./a.out <(sleep 1; printf "[a]\nb=yes\n")
More information about the krb5-bugs
mailing list