Bugtraq mailing list archives
Re: Major security-hole in kerberos rsh, rcp and rlogin.
From: polk () BSDI COM (Jeff Polk)
Date: Fri, 7 Nov 1997 09:25:57 -0700
> Just a note... it appears the BSDI version of su uses Kerberos tickets if Kerberos is configured.

Yes, but the BSDI kerberosIV implementation does not appear to have the problem (the tf_init() routine which opens the ticket file checks to see that the real uid of the process is either root or owns the ticket file).

Jeff

--
Jeff Polk
Berkeley Software Design, Inc. (BSDI)
polk () BSDI COM
5575 Tech Center Dr. #110, Colo Spgs, CO 80919
Voice: 719-260-8114
http://www.BSDI.COM/people/polk

For years, we thought that a million monkeys sitting at a million keyboards would produce the complete works of Shakespeare. Today, thanks to the Internet, we know that's not true.
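
The check described in the message above, sketched as an added example (not BSDI's tf_init() source and not part of the original post): a setuid program opens the ticket file only if the caller's real uid, i.e. getuid() rather than geteuid(), is root or owns the file. The names ticket_owner_ok, open_ticket_file and try_as are hypothetical, and the O_NOFOLLOW and regular-file tests are assumptions beyond what the message states.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Policy from the message: real uid is root, or owns the ticket file. */
int ticket_owner_ok(uid_t real_uid, uid_t file_owner)
{
    return real_uid == 0 || real_uid == file_owner;
}

/* Hypothetical helper: returns an fd, or -1 if refused. fstat() on the open fd
 * avoids a check/use race; O_NOFOLLOW and S_ISREG are added hardening. */
int open_ticket_file(const char *path, uid_t real_uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        !ticket_owner_ok(real_uid, st.st_uid)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: a temp file owned by this process, opened as as_uid.
 * Returns 1 if allowed, 0 if refused, -1 if the temp file could not be made. */
int try_as(uid_t as_uid)
{
    char path[] = "/tmp/tkt_demoXXXXXX";
    int tmp = mkstemp(path);
    if (tmp < 0)
        return -1;
    close(tmp);
    int fd = open_ticket_file(path, as_uid);
    if (fd >= 0)
        close(fd);
    unlink(path);
    return fd >= 0;
}

int main(void)
{
    printf("owner: %d, other uid: %d\n", try_as(getuid()), try_as(getuid() + 1));
    return 0;
}
```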