From f10de508a6bfeafa1dd4f9487aa418b49a3ed2d7 Mon Sep 17 00:00:00 2001
From: Nicolas Williams
Date: Fri, 4 Oct 2013 18:24:38 -0500
Subject: [PATCH] Check fcache st_uid == geteuid(), not getuid()

Programs like sshd may create or access a ccache with ruid != user's UID, euid == user's UID. Set-uid-0 programs (ob reminder: they start life as ruid == user's UID, euid == 0) shouldn't unintentionally access ccaches. Therefore we shouldn't check both of ruid and euid, just euid.
---
 lib/krb5/fcache.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/lib/krb5/fcache.c b/lib/krb5/fcache.c
index dfa1c7c1a..6bf111c0b 100644
--- a/lib/krb5/fcache.c
+++ b/lib/krb5/fcache.c
@@ -494,10 +494,9 @@ again:
 /*
 * XXX Should probably add options to improve control over this
 * check. We might want strict checking of everything except
- * this, and we might want st_uid == getuid() || st_uid == geteuid()
- * to be OK.
+ * this.
 */
- if (sb2.st_uid != getuid()) {
+ if (sb2.st_uid != geteuid()) {
 krb5_set_error_message(context, EPERM, N_("Refuses to open cache files not own by myself FILE:%s (owned by %d)", ""), filename, (int)sb2.st_uid);
 close(fd);
 return EPERM;
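Review bot: The comment above the ownership check no longer says why the effective UID is the one to compare, so the rationale now lives only in the commit message; I would record it next to the `geteuid()` line, e.g. `/* Compare against the effective UID: a set-uid-0 program must not pick up the invoking user's cache, while daemons such as sshd legitimately run with ruid != euid. */`. The same comment should spell out the consequence that a process with euid 0 now refuses every cache not owned by root until it has switched euid to the cache owner, since that is the behaviour the change intends. The error message could also include the comparing euid alongside the owner to make EPERM diagnosable, `(owned by %d, euid %d)` with `(int)geteuid()` as the extra argument. The function containing this check, and the stat/fstat call that fills sb2, start outside the hunk, so it cannot be confirmed here that sb2 describes the already-opened fd rather than the path; the check only avoids a check-then-open race if it does.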