[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] pam_krb5 & kdm: local root compromise (or misconfiguration?)

To: Helge Bahmann <bahmann@xxxxxxxxxxxxxxxxxxx>, suse-security@xxxxxxxx
Subject: Re: [suse-security] pam_krb5 & kdm: local root compromise (or misconfiguration?)
From: Olaf Kirch <okir@xxxxxxx>
Date: Fri, 6 Dec 2002 21:46:09 +0100
Delivered-to: mailing list suse-security@xxxxxxxx
Delivery-date: Fri, 06 Dec 2002 21:46:49 +0100
Envelope-to: suse@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.44.0212061818230.419-100000@xxxxxxxxxx>
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
References: <Pine.LNX.4.44.0212061818230.419-100000@xxxxxxxxxx>
User-agent: Mutt/1.4i

On Fri, Dec 06, 2002 at 07:21:42PM +0100, Helge Bahmann wrote:
> - tickets are obtained and validated from kdc
> - credentials cache file /tmp/krb5cc_0 (!) is created and KRB5CCNAME set
> accordingly for the session

You should check the README that comes with our pam_krb5 RPM.
It describes how to use separate cc files for all sessions.

> - user logs out, but credentials file is *not* deleted

That is probably a bug in kdm. It should call PAM to close the
session but apparently doesn't.

> - error return is discarded, login continues and all processes strangely
> start up with root privileges

That is a bug indeed, possibly in kdm as well. I will look into this.

Olaf
-- 
Olaf Kirch     |  Anyone who has had to work with X.509 has probably
okir@xxxxxxx   |  experienced what can best be described as
---------------+  ISO water torture. -- Peter Gutmann

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

Follow-Ups:
- Re: [suse-security] pam_krb5 & kdm: local root compromise (or misconfiguration?)
  - From: Helge Bahmann

References:
- [suse-security] pam_krb5 & kdm: local root compromise (or misconfiguration?)
  - From: Helge Bahmann

Prev by Date: Re: [suse-security] Analyzing FW logs
Next by Date: RE: [suse-security] securityfocus.com
Previous by thread: [suse-security] pam_krb5 & kdm: local root compromise (or misconfiguration?)
Next by thread: Re: [suse-security] pam_krb5 & kdm: local root compromise (or misconfiguration?)
Index(es):
- Date
- Thread