On Mon, 07 Oct 2013 21:50:49 -0300, Cristian Rodríguez <crrodriguez@opensuse.org> wrote:
I am not convinced that using /tmp is correct... probably we need to modify the default to /run/krb5/$something and allow that directory only to be written and/or read by root...
The credentials cache must be accessible by the user to whom it belongs.
Using named files in /tmp for this purpose looks like a security hole from here.
cifs.upcall actually relies on it being in /tmp because it has to search for it (there is no interface to pass the location between kernel and upcall). But in the case of systemd, using /tmp is in general wrong (/tmp can be private) and using /run/user/$UID is wrong as well because it does not survive session end. So we need some per-user persistent directory that exists at least as long as the system is running.
I'd still like the openSUSE devs to know about this though. Do you think it would be OK if I posted this in the bugzilla?
Yes.
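
The concern raised in this thread, a helper that has to search a shared directory for a user's credentials cache, comes down to which files the search is willing to trust. The following is an added example, not part of the original messages and not cifs.upcall's own code: a search that accepts only regular files owned by the expected user with no group/other access, and checks the opened descriptor rather than the path. The `krb5cc_` prefix and the function names are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#define CC_PREFIX "krb5cc_" /* assumed cache file-name prefix */

/* Return an fd for `name` only if it is a regular file owned by `uid` with
 * no group/other bits. Checks run on the open fd, not on the path. */
static int open_if_trusted(int dfd, const char *name, uid_t uid, struct stat *st)
{
    int fd = openat(dfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1; /* a symlink fails here (ELOOP) */
    if (fstat(fd, st) == 0 && S_ISREG(st->st_mode) &&
        st->st_uid == uid && (st->st_mode & 077) == 0)
        return fd;
    close(fd);
    return -1;
}

/* Newest trusted cache of `uid` in `dir`: returns an open fd (caller closes)
 * and copies the file name to `out`, or returns -1 if there is none. */
int open_user_ccache(const char *dir, uid_t uid, char *out, size_t outlen)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    struct stat st;
    time_t best_mtime = 0;
    int best = -1;
    while (d && (e = readdir(d)) != NULL) {
        if (strncmp(e->d_name, CC_PREFIX, strlen(CC_PREFIX)) != 0)
            continue;
        int fd = open_if_trusted(dirfd(d), e->d_name, uid, &st);
        if (fd < 0)
            continue;
        if (best >= 0 && st.st_mtime <= best_mtime) {
            close(fd); /* older than the current pick */
            continue;
        }
        if (best >= 0)
            close(best);
        best = fd;
        best_mtime = st.st_mtime;
        snprintf(out, outlen, "%s", e->d_name);
    }
    if (d) closedir(d);
    return best;
}
```

Returning the descriptor instead of a path means the caller reads exactly the file that passed the checks, even if another user replaces the directory entry afterwards.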