kinit issue

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

kinit issue

prashant  sodhiya
Hi,
  In MIT kerberos  a "kinit" creates  a credential file in /tmp, which is a world-writable directory.

$ ls  -l  /
        drwxrwxrwt   9 bin      bin            3584 Aug 30 15:07 tmp

I feel it can lead to Denial of Service attack if some other user can create a credential file as that of a valid kerberos user.
Is it  true in MIT kerberos?.How it handled in MIT Kerberos?
Pls give some insights into it.

thnx n regards
Prashant
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: kinit issue

Russ Allbery
"prashant sodhiya" <[hidden email]> writes:

>?In MIT kerberos a "kinit" creates a credential file in /tmp, which is a
> world-writable directory.

> $ ls  -l  /
> drwxrwxrwt   9 bin      bin            3584 Aug 30 15:07 tmp

> I feel it can lead to Denial of Service attack if some other user can
> create a credential file as that of a valid kerberos user.  Is it true
> in MIT kerberos?

If you insist on one particular name for a ticket cache, then yes, someone
could create a file with that name and deny you the use of that name.  To
avoid this, don't insist on one particular name for a ticket cache but
instead create the ticket cache with mkstemp or a similar routine.

--
Russ Allbery ([hidden email])             <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos