[krbdev.mit.edu #8717] racecondition in posix platformAccess code path

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[krbdev.mit.edu #8717] racecondition in posix platformAccess code path

Greg Hudson via RT-2
Dear Team,

File: localauth_k5login.c#L110

I believe this indicates a security flaw, If an attacker can change
anything along the path between the call access() and the files actually
used, attacker may exploit the race condition or a time-of-check,
time-of-use race condition, request team to please have a look and
validate.


Thank you

--
Regards

*Dhiraj Mishra.*GPG ID :  51720F56   |  Finger Print : 1F6A FC7B 05AA CF29
8C1C  ED65 3233 4D18 5172 0F56

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs