oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Check fcache st_uid == geteuid(), not getuid()

Browse Source 
Programs like sshd may create or access a ccache with
ruid != user's UID, euid == user's UID.

Set-uid-0 programs (ob reminder: they start life as ruid == user's UID,
euid == 0) shouldn't unintentionally access ccaches.  Therefore we
shouldn't check both of ruid and euid, just euid.
This commit is contained in:
Nicolas Williams
2013-10-04 18:24:38 -05:00
parent 0b9891214e
commit f10de508a6
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/krb5/fcache.c
View File

@@ -494,10 +494,9 @@ again:
/* /*
* XXX Should probably add options to improve control over this * XXX Should probably add options to improve control over this
* check. We might want strict checking of everything except * check. We might want strict checking of everything except
* this, and we might want st_uid == getuid() || st_uid == geteuid() * this.
* to be OK.
*/ */
if (sb2.st_uid != getuid()) { if (sb2.st_uid != geteuid()) {
krb5_set_error_message(context, EPERM, N_("Refuses to open cache files not own by myself FILE:%s (owned by %d)", ""), filename, (int)sb2.st_uid); krb5_set_error_message(context, EPERM, N_("Refuses to open cache files not own by myself FILE:%s (owned by %d)", ""), filename, (int)sb2.st_uid);
close(fd); close(fd);
return EPERM; return EPERM;