[krbdev.mit.edu #8717] racecondition in posix platformAccess code path

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[krbdev.mit.edu #8717] racecondition in posix platformAccess code path

Greg Hudson via RT-2
Dear Team,

File: localauth_k5login.c#L110

I believe this indicates a security flaw, If an attacker can change
anything along the path between the call access() and the files actually
used, attacker may exploit the race condition or a time-of-check,
time-of-use race condition, request team to please have a look and

Thank you


*Dhiraj Mishra.*GPG ID :  51720F56   |  Finger Print : 1F6A FC7B 05AA CF29
8C1C  ED65 3233 4D18 5172 0F56

krb5-bugs mailing list
[hidden email]