Default ACLs for FILE: ccaches on Windows
Jeffrey Altman
jaltman at MIT.EDU
Mon Jul 24 00:14:14 EDT 2006
Jeffrey Hutzelman wrote:
>
>
> On Sunday, July 23, 2006 11:22:52 AM -0400 Jeffrey Altman
> <jaltman at mit.edu> wrote:
>
>> (2) copy the ACLs from the old ccache file before file deletion
>> and use them for the creation of the replacement file.
>
> I think this is a bad idea. If I can predict what filename you will
> use, I can create a file on which we both have full access, including
> delete. If I guess correctly, then you will delete this file and create
> a new ccache on which I also have full access.
>
> Unless you can protect against this, the ACLs should not be copied.
>
> -- Jeff

You raise a good point. I do not believe it is too much to require
of applications to set more expansive ACLs each time
krb5_cc_initialize() is called.

Jeffrey Altman
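
The concern in the quoted message, as an added illustration that is not code from this thread or from MIT Kerberos: a replacement file that copies the old file's permissions inherits whatever a pre-created file carried, while one created with a fixed default does not. It assumes a POSIX system and uses mode bits as a stand-in for Windows ACLs; the function names and the file name `krb5cc_demo` are hypothetical.

```python
import os
import stat
import tempfile


def _create_exclusive(path, data, mode):
    # O_EXCL refuses to open a file that reappeared between unlink and create.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.fchmod(fd, mode)  # set the mode explicitly, independent of umask
        os.write(fd, data)
    finally:
        os.close(fd)
    return stat.S_IMODE(os.stat(path).st_mode)


def replace_copying_perms(path, data):
    """Pattern objected to above: carry the old file's permissions forward."""
    old_mode = stat.S_IMODE(os.stat(path).st_mode)
    os.unlink(path)
    return _create_exclusive(path, data, old_mode)


def replace_with_default_perms(path, data):
    """Alternative: ignore the old file's permissions, always owner-only."""
    try:
        os.unlink(path)
    except FileNotFoundError:
        pass
    return _create_exclusive(path, data, 0o600)


def demo():
    """Return the final mode of the replacement file under each strategy."""
    results = {}
    strategies = {"copy": replace_copying_perms,
                  "default": replace_with_default_perms}
    with tempfile.TemporaryDirectory() as d:
        for name, replace in strategies.items():
            path = os.path.join(d, "krb5cc_demo")
            # Constructed stand-in for a file someone else created first,
            # readable and writable by everyone.
            with open(path, "wb") as f:
                f.write(b"placeholder")
            os.chmod(path, 0o666)
            results[name] = replace(path, b"constructed ticket data")
            os.unlink(path)
    return results


if __name__ == "__main__":
    for name, mode in demo().items():
        print(f"{name}: {oct(mode)}")
```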