From 62f982a87b5c8627deaf3a04bbdb38b1d1f8862f Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Tue, 29 Mar 2016 11:47:26 -0500
Subject: [PATCH] Comment why no ccache hard-links

---
 lib/krb5/fcache.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lib/krb5/fcache.c b/lib/krb5/fcache.c
index 10c5de1f4..b81e518b5 100644
--- a/lib/krb5/fcache.c
+++ b/lib/krb5/fcache.c
@@ -479,6 +479,17 @@ again:
     }
 #endif
 
+    /*
+     * /tmp (or wherever default ccaches go) might not be on its own
+     * filesystem, or on a filesystem different /etc, say, and even if
+     * it were, suppose a user hard-links another's ccache to her
+     * default ccache, then runs a set-uid program that will user her
+     * default ccache (even if it ignores KRB5CCNAME)...
+     *
+     * Default ccache locations should really be on per-user non-tmp
+     * locations on tmpfs "run" directories.  But we don't know here
+     * that this is the case.  Thus: no hard-links, no symlinks.
+     */
     if (sb2.st_nlink != 1) {
 	krb5_set_error_message(context, EPERM, N_("Refuses to open hardlinks for caches FILE:%s", ""), filename);
 	close(fd);