| commit | f10de508a6bfeafa1dd4f9487aa418b49a3ed2d7 | |
| author | Nicolas Williams <nico@cryptonector.com> | |
| Fri, 4 Oct 2013 23:24:38 +0000 (4 18:24 -0500) | ||
| committer | Nicolas Williams <nico@cryptonector.com> | |
| Fri, 4 Oct 2013 23:24:38 +0000 (4 18:24 -0500) | ||
| tree | f08794b9ff2cb43dfbe385337de4a062a435e2b9 | treesnapshot (tar.gz zip) |
| parent | 0b9891214e952b32fcbe6a26ce3279b575818c0d | commitdiff |
Check fcache st_uid == geteuid(), not getuid()
Programs like sshd may create or access a ccache with
ruid != user's UID, euid == user's UID.
Set-uid-0 programs (ob reminder: they start life as ruid == user's UID,
euid == 0) shouldn't unintentionally access ccaches. Therefore we
shouldn't check both of ruid and euid, just euid.
Programs like sshd may create or access a ccache with
ruid != user's UID, euid == user's UID.
Set-uid-0 programs (ob reminder: they start life as ruid == user's UID,
euid == 0) shouldn't unintentionally access ccaches. Therefore we
shouldn't check both of ruid and euid, just euid.
| lib/krb5/fcache.c | diffblobblamehistory |