Default ACLs for FILE: ccaches on Windows

Jeffrey Altman jaltman at MIT.EDU
Mon Jul 24 00:14:14 EDT 2006

Jeffrey Hutzelman wrote:
> On Sunday, July 23, 2006 11:22:52 AM -0400 Jeffrey Altman
> <jaltman at> wrote:
>> (2) copy the ACLs from the old ccache file before file deletion
>>     and use them for the creation of the replacement file.
> I think this is a bad idea.  If I can predict what filename you will
> use, I can create a file on which we both have full access, including
> delete.  If I guess correctly, then you will delete this file and create
> a new ccache on which I also have full access.
> Unless you can protect against this, the ACL's should not be copied.
> -- Jeff

You raise a good point.  I do not believe it is too much to require
of applications to set more expansive ACLs each time
krb5_cc_initialize() is called.

Jeffrey Altman

More information about the krbdev mailing list