oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Comment why no ccache hard-links

Browse Source
This commit is contained in:
Nicolas Williams
2016-03-29 11:47:26 -05:00
parent 3c9dcd60c0
commit 62f982a87b
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/krb5/fcache.c
View File

@@ -479,6 +479,17 @@ again:
} }
#endif #endif
/*
* /tmp (or wherever default ccaches go) might not be on its own
* filesystem, or on a filesystem different /etc, say, and even if
* it were, suppose a user hard-links another's ccache to her
* default ccache, then runs a set-uid program that will user her
* default ccache (even if it ignores KRB5CCNAME)...
*
* Default ccache locations should really be on per-user non-tmp
* locations on tmpfs "run" directories. But we don't know here
* that this is the case. Thus: no hard-links, no symlinks.
*/
if (sb2.st_nlink != 1) { if (sb2.st_nlink != 1) {
krb5_set_error_message(context, EPERM, N_("Refuses to open hardlinks for caches FILE:%s", ""), filename); krb5_set_error_message(context, EPERM, N_("Refuses to open hardlinks for caches FILE:%s", ""), filename);
close(fd); close(fd);