Mailinglist Archive: opensuse-security (300 mails)

< Previous Next >
Re: [suse-security] pam_krb5 & kdm: local root compromise (or misconfiguration?)
  • From: Helge Bahmann <bahmann@xxxxxxxxxxxxxxxxxxx>
  • Date: Mon, 9 Dec 2002 15:20:54 +0100 (CET)
  • Message-id: <Pine.LNX.4.44.0212091520330.415-100000@xxxxxxxxxx>
Hello Olaf,

thanks for your quick response.

On Fri, 6 Dec 2002 Olaf Kirch assaulted the keyboard and produced:

> On Fri, Dec 06, 2002 at 07:21:42PM +0100, Helge Bahmann wrote:
> > - tickets are obtained and validated from kdc
> > - credentials cache file /tmp/krb5cc_0 (!) is created and KRB5CCNAME set
> > accordingly for the session
>
> You should check the README that comes with our pam_krb5 RPM.
> It describes how to use separate cc files for all sessions.

you are referring to the ccache parameter? yes I know, I'm using it; but
since the cc file names are still quite easily guessable, the possibility
of the root compromise remains (unless there is some misconfiguration on
my part, which I'm still not sure about -- the behvior is just too
strange).

Will try to produce some more information.

Best regards
--
Helge Bahmann <bahmann@xxxxxxxxxxxxxxxxxxx> /| \__
The past: Smart users in front of dumb terminals /_|____\
_/\ | __)
$ ./configure \\ \|__/__|
checking whether build environment is sane... yes \\/___/ |
checking for AIX... no (we already did this) |






< Previous Next >
This Thread
  • No further messages