On Thu, 6 Apr 2006, Christopher Allen Wing wrote:
What does Linux have to do with it? I had a module which worked on Linux
and Solaris in 1998 or so... which handled all 3 cases
I was aware of this behavior with some Linux PAM modules, I'm not familiar
with what every other OS and every other PAM module did, that's all.
Fair. I'd argue targeting one platform is crappy, but I actually gave up
on pam like 5 years ago as futile.
but did not honor env, though I suppose with the relevant checks you could
avoid the attack I was concerned about... which at this point I no longer
even remember the details of.
On these particular (Linux) systems, xscreensaver didn't run as root, so you
couldn't attack it by feeding it an incorrect $KRB5CCNAME.
Actually, now I do remember. 1) a primitive I wanted didn't exist in krb4
and so I was doing something ugly and 2) whether you were root or yourself
was not well-defined and so there was some hoop-jumping to make sure the
ticket file ended up being owned correctly which was made harder if you
wanted to reuse an existing ticket file.