| author | Sam Hartman <hartmans@mit.edu> | 1996-05-19 18:52:51 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 1996-05-19 18:52:51 +0000 |
| commit | f7ef18fa8444d74f7ad6e3c1ae6804ef00b24f79 (patch) | |
| tree | 2f20cec634a357172881ac841f1f2c2868fe9e65 /src/clients/ksu/ccache.c | |
| parent | 1a813ae6f7d501c123fdd3ce748c3b94ba241e8d (diff) | |
Significant security fixes to ksu
* Use source euid all throughout procedure of opening source ccache,
Richard's code had a race condition.
* Use target euid while looking up .k5login and constructing target ccache.
* Avoid chowns completely; they create race conditions. Fchown could
have been used if we wanted to be really careful, but chowns aren't
necessary and we would have to violate abstractions.
* Clean up several conditions that would allow users to delete
arbitrary files of the user they were ksuing to without authorization.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8049 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/clients/ksu/ccache.c')
| -rw-r--r-- | src/clients/ksu/ccache.c | 34 |
1 files changed, 31 insertions, 3 deletions
diff --git a/src/clients/ksu/ccache.c b/src/clients/ksu/ccache.c
index 95cbe84c4..69975204e 100644
--- a/src/clients/ksu/ccache.c
+++ b/src/clients/ksu/ccache.c
@@ -44,12 +44,13 @@ void show_credential();
  */
 krb5_error_code krb5_ccache_copy (context, cc_def, cc_other_tag,
-                                  primary_principal, cc_out, stored)
+                                  primary_principal, cc_out, stored, target_uid)
     /* IN */
     krb5_context context;
     krb5_ccache cc_def;
     char *cc_other_tag;
     krb5_principal primary_principal;
+    uid_t target_uid;
     /* OUT */
     krb5_ccache *cc_out;
     krb5_boolean *stored;
@@ -74,6 +75,7 @@ struct stat st_temp;
     cc_def_name = krb5_cc_get_name(context, cc_def);
     cc_other_name = krb5_cc_get_name(context, *cc_other);
+
     if ( ! stat(cc_def_name, &st_temp)){
         if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
             return retval;
@@ -83,7 +85,19 @@ struct stat st_temp;
     *stored = krb5_find_princ_in_cred_list(context, cc_def_creds_arr, primary_principal);
-
+#ifdef HAVE_LSTAT
+    if (!lstat( cc_other_name, &st_temp)) {
+#else /*HAVE_LSTAT*/
+    if (!stat( cc_other_name, &st_temp)) {
+#endif
+        return EINVAL;
+    }
+
+    if (krb5_seteuid(0)||krb5_seteuid(target_uid)) {
+        return errno;
+    }
+
+
     if ((retval = krb5_cc_initialize(context, *cc_other, primary_principal))){
         return retval;
     }
@@ -621,11 +635,12 @@ with k5 beta 3 release.
 ************************************************************************/
 krb5_error_code krb5_ccache_copy_restricted (context, cc_def, cc_other_tag,
-                                             prst, cc_out, stored)
+                                             prst, cc_out, stored, target_uid)
     krb5_context context;
     krb5_ccache cc_def;
     char *cc_other_tag;
     krb5_principal prst;
+    uid_t target_uid;
     /* OUT */
     krb5_ccache *cc_out;
     krb5_boolean *stored;
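Review bot: The `lstat` existence check on `cc_other_name` and the `krb5_cc_initialize` call that creates the target cache are two separate operations, so a file or symlink placed at that path between them is not caught by the check; whether the create itself refuses to follow a pre-existing link depends on the ccache backend, which is outside this hunk. The `#else` branch with plain `stat` is weaker still: a dangling symlink makes `stat` fail, so the check passes and the create may be performed through the link. A comment above `#ifdef HAVE_LSTAT` should record the intent and its limit, e.g. `/* Refuse a pre-existing target cache path (lstat also catches a dangling symlink); this check is not atomic with the create below, so the backend must still create the file safely. */`. The identical block is added to krb5_ccache_copy_restricted in the last hunk. krb5_ccache_copy's body continues outside this hunk.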
@@ -658,6 +673,19 @@ struct stat st_temp;
     }
+#ifdef HAVE_LSTAT
+    if (!lstat( cc_other_name, &st_temp)) {
+#else /*HAVE_LSTAT*/
+    if (!stat( cc_other_name, &st_temp)) {
+#endif
+        return EINVAL;
+    }
+
+    if (krb5_seteuid(0)||krb5_seteuid(target_uid)) {
+        return errno;
+    }
+
+
     if ((retval = krb5_cc_initialize(context, *cc_other, prst))){
         return retval;
     }
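Review bot: The effective uid the function leaves behind is path-dependent and undocumented: `return EINVAL` leaves it untouched, `return errno` after `krb5_seteuid(0)||krb5_seteuid(target_uid)` may leave it at 0 when the first seteuid succeeds and the second fails, and `return retval` after a failed `krb5_cc_initialize` leaves it at target_uid. A header comment on krb5_ccache_copy_restricted should state this, e.g. `/* On return the euid may be target_uid, or root if the second seteuid failed; the caller must restore the euid it needs on every path. */`, and the seteuid-failure path would be safer written as two checks so a failed `seteuid(target_uid)` does not return with euid 0. The twelve lines from `#ifdef HAVE_LSTAT` through `return errno` duplicate the krb5_ccache_copy hunk exactly; a `static` helper taking `cc_other_name` and `target_uid` would keep the two checks from drifting apart. The same observations apply to the krb5_ccache_copy hunk above; this function's body continues outside the hunk.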
