diff options
| author | Ben Kaduk <kaduk@mit.edu> | 2012-07-03 10:27:20 -0400 |
|---|---|---|
| committer | Ben Kaduk <kaduk@mit.edu> | 2013-11-04 13:43:36 -0500 |
| commit | 0415740bb569bad53b18f4483837e7e037f88544 (patch) | |
| tree | f8f1ff9ad2d2f619a415d831ca262de0f01825ed /src/slave | |
| parent | f7e434aa7ecb05a6ade5e3d4a435d25069acd5b2 (diff) | |
| download | krb5-0415740bb569bad53b18f4483837e7e037f88544.tar.gz krb5-0415740bb569bad53b18f4483837e7e037f88544.tar.xz krb5-0415740bb569bad53b18f4483837e7e037f88544.zip | |
Remove last uses of "possibly-insecure" mktemp(3)
Many libc implementations include notations to the linker to generate
warnings upon references to mktemp(3), due to its potential for
insecure operation. This has been the case for quite some time,
as was noted in RT #6199. Our usage of the function has decreased
with time, but has not yet disappeared entirely. This commit
removes the last few instances from our tree.
kprop's credentials never need to hit the disk, so a MEMORY ccache
is sufficient (and does not need randomization).
store_master_key_list is explicitly putting keys on disk so as to
do an atomic rename of the stash file, but since the stash file
should be in a root-only directory, we can just use a fixed name
for the temporary file. When using this fixed name, we must detect
(and error out) if the temporary file already exists; add a test to
confirm that we do so.
ticket: 1794
Diffstat (limited to 'src/slave')
| -rw-r--r-- | src/slave/kprop.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/src/slave/kprop.c b/src/slave/kprop.c index acdca0a5a1..b668147dc1 100644 --- a/src/slave/kprop.c +++ b/src/slave/kprop.c @@ -187,9 +187,9 @@ void PRS(argc, argv) void get_tickets(context) krb5_context context; { - char buf[BUFSIZ], *def_realm; + char const ccname[] = "MEMORY:kpropcc"; + char *def_realm; krb5_error_code retval; - static char tkstring[] = "/tmp/kproptktXXXXXX"; krb5_keytab keytab = NULL; /* @@ -230,20 +230,18 @@ void get_tickets(context) #endif /* - * Initialize cache file which we're going to be using + * Use a memory cache to avoid possible filesystem conflicts. */ - (void) mktemp(tkstring); - snprintf(buf, sizeof(buf), "FILE:%s", tkstring); - - retval = krb5_cc_resolve(context, buf, &ccache); + retval = krb5_cc_resolve(context, ccname, &ccache); if (retval) { - com_err(progname, retval, _("while opening credential cache %s"), buf); + com_err(progname, retval, _("while opening credential cache %s"), + ccname); exit(1); } retval = krb5_cc_initialize(context, ccache, my_principal); if (retval) { - com_err(progname, retval, _("when initializing cache %s"), buf); + com_err(progname, retval, _("when initializing cache %s"), ccname); exit(1); } |