Bugtraq mailing list archives

Re: Major security-hole in kerberos rsh, rcp and rlogin.


From: polk () BSDI COM (Jeff Polk)
Date: Fri, 7 Nov 1997 09:25:57 -0700


just a note...
it appears the BSDI version of su uses Kerberos tickets if Kerberos is
configured.

Yes, but the BSDI kerberosIV implementation does not appear to
have the problem (the tf_init() routine which opens the ticket
file checks to see that the real uid of the process is either
root or owns the ticket file).

Jeff
--
     /\   Jeff Polk            Berkeley Software Design, Inc. (BSDI)
  /\/  \  polk () BSDI COM        5575 Tech Center Dr. #110, Colo Spgs, CO 80919
 /  \   \ Voice: 719-260-8114  http://www.BSDI.COM/people/polk

   For years, we thought that a million monkeys sitting at a million
   keyboards would produce the complete works of Shakespeare. Today,
   thanks to the Internet, we know that's not true.
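
The ownership check described in the message above, sketched as an added example; it is not BSDI's tf_init() source or any code from this thread. The helper names tkt_owner_ok and tkt_open_checked, the O_NOFOLLOW flag and the choice to fstat() the open descriptor are assumptions of this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: the rule from the message as a pure predicate.
 * The caller's real uid must be root (0) or the owner of the file. */
static int tkt_owner_ok(uid_t real_uid, const struct stat *st)
{
    return real_uid == 0 || st->st_uid == real_uid;
}

/* Hypothetical helper: open a ticket file only if the check passes.
 * Returns a descriptor, or -1 with errno set (EACCES on a failed check).
 * real_uid is a parameter so the rule can be exercised with constructed
 * uids; a setuid program would pass getuid(), never geteuid(). */
static int tkt_open_checked(const char *path, uid_t real_uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);  /* refuse a symlink as the final component */
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, so the file checked is the file read. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || !tkt_owner_ok(real_uid, &st)) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s ticket-file\n", argv[0]); return 2; }
    int fd = tkt_open_checked(argv[1], getuid());
    if (fd < 0) { perror(argv[1]); return 1; }
    puts("ticket file accepted");
    close(fd);
    return 0;
}
```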


