From 884b0079385112db060750ca3aab31d3d25e837e Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand
Date: Fri, 12 Jul 2013 17:20:41 +0200
Subject: [PATCH] Check owner too

---
 lib/krb5/fcache.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/krb5/fcache.c b/lib/krb5/fcache.c
index 1003df1c6..fb4c51357 100644
--- a/lib/krb5/fcache.c
+++ b/lib/krb5/fcache.c
@@ -451,6 +451,11 @@ fcc_open(krb5_context context,
 close(fd);
 return EPERM;
 }
+ if (sb2.st_uid != getuid()) {
+ krb5_set_error_message(context, EPERM, N_("Refuses to open cache files not own by myself FILE:%s (owned by %d)", ""), filename, (int)sb2.st_uid);
+ close(fd);
+ return EPERM;
+ }
 if ((sb2.st_mode & 077) != 0) {
 krb5_set_error_message(context, EPERM, N_("Refuses to open group/other readable files FILE:%s", ""), filename);
-- 
2.11.4.GIT
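Review bot: The new ownership test compares `sb2.st_uid` with `getuid()`, the real UID, while the kernel decides whether the open succeeds using the effective UID. In a set-uid program or a service that has switched identity, the two differ, so the check is made against the wrong principal; `if (sb2.st_uid != geteuid()) {` matches the identity that actually opened the file, or a comment should say why the real UID is intended. Privileged callers that legitimately read another user's cache (presumably some root-run daemons) will now get EPERM unconditionally, which deserves a line in the commit message or an explicit exemption. The message also prints a `uid_t` through `(int)` and `%d`, so large UIDs show up negative; `(unsigned long)sb2.st_uid` with `%lu` avoids that, and "not own by myself" should read "not owned by myself". fcc_open starts and ends outside the hunk, so whether `sb2` comes from an `fstat()` on `fd` rather than a path-based `stat()` cannot be confirmed here.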