Skip Menu |
 

Download (untitled) / with headers
text/plain 3.7KiB
From tlyu@MIT.EDU Thu Nov 7 19:37:13 1996
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id TAA27931 for <bugs@RT-11.MIT.EDU>; Thu, 7 Nov 1996 19:37:12 -0500
Received: from TESLA-COIL.MIT.EDU by MIT.EDU with SMTP
id AA11353; Thu, 7 Nov 96 19:37:11 EST
Received: by tesla-coil.MIT.EDU (5.x/4.7) id AA27730; Thu, 7 Nov 1996 19:37:10 -0500
Message-Id: <9611080037.AA27730@tesla-coil.MIT.EDU>
Date: Thu, 7 Nov 1996 19:37:10 -0500
From: tlyu@MIT.EDU
Reply-To: tlyu@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: krshd requires home directory
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 167
>Category: krb5-appl
>Synopsis: krshd requires home directory
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: hartmans
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Nov 07 19:38:01 EST 1996
>Last-Modified: Thu Feb 27 21:47:49 EST 1997
>Originator: Tom Yu
>Organization:
mit
Show quoted text
>Release: 1.0-development
>Environment:

System: SunOS tesla-coil 5.4 Generic_101945-37 sun4m sparc


Show quoted text
>Description:
If you try to use krsh while your home directory is not there,
it won't let you in. Whether or not this is a bug is a matter of
perspective. For example, in the Athena environment, this is a
definite disadvantage, i.e. you can't do "rsh remhost
/bin/athena/attach $USER" anymore. Note that telnetd doesn't bother
checking whether the home directory isn't attached.

Note that any discussion on this bug also applies to pending/155,
which is Matt Power's observation about the possibility that using a
user's home directory for .k5login files may be a security hole.

Show quoted text
>How-To-Repeat:
Attempt to execute a command using krsh while your homedir
isn't there.

Show quoted text
>Fix:

Show quoted text
>Audit-Trail:

Responsible-Changed-From-To: krb5-unassigned->hartmans
Responsible-Changed-By: hartmans
Responsible-Changed-When: Thu Feb 27 10:05:14 1997
Responsible-Changed-Why:
Dealing with bug for Greg.

State-Changed-From-To: open-closed
State-Changed-By: hartmans
State-Changed-When: Thu Feb 27 21:45:10 1997
State-Changed-Why:
Fixed; the fix should be included in the 1.0 patch release as Athena needs it.

I do not like this particular fix as it doesn't warn the user
that / has been used as a home directory. However, there is no good
way to easily do this from the parent process without violating
abstraction barriers. You can print a fatal message to the client,
but not really a warning. That, or I misread the code.


Index: appl/bsd/ChangeLog
===================================================================
RCS file: /mit/krbdev/.cvsroot/src/appl/bsd/ChangeLog,v
retrieving revision 5.235
diff -u -r5.235 ChangeLog
--- ChangeLog 1997/02/22 19:44:44 5.235
+++ ChangeLog 1997/02/27 15:58:37
@@ -1,3 +1,8 @@
+Thu Feb 27 10:58:07 1997 Sam Hartman <hartmans@luminous.MIT.EDU>
+
+ * krshd.c: Allow user to login with / as home directory if homedir
+ not found. [167]
+
Sat Feb 22 00:54:06 1997 Sam Hartman <hartmans@luminous.MIT.EDU>

* krlogin.c (mode): Clean up Posix terminal handling for NetBSD.
Index: appl/bsd/krshd.c
===================================================================
RCS file: /mit/krbdev/.cvsroot/src/appl/bsd/krshd.c,v
retrieving revision 5.68
diff -u -r5.68 krshd.c
--- krshd.c 1997/02/19 01:35:26 5.68
+++ krshd.c 1997/02/28 02:23:10
@@ -1012,11 +1012,11 @@
#endif /*CRAY*/

if (chdir(pwd->pw_dir) < 0) {
- syslog(LOG_ERR ,
- "Principal %s (%s@%s) for local user %s has no home directory.\n",
- kremuser, remuser, hostname, locuser);
- error("No remote directory.\n");
+ if(chdir("/") < 0) {
+ error("No remote directory.\n");
goto signout_please;
+ }
+ pwd->pw_dir = "/";
}

#ifdef KERBEROS

Show quoted text
>Unformatted: