From humphrey@cs.virginia.edu Wed Apr 21 10:46:11 1999
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id KAA27222 for <bugs@RT-11.MIT.EDU>; Wed, 21 Apr 1999 10:46:10 -0400
Received: from mail.cs.Virginia.EDU by MIT.EDU with SMTP
id AA08364; Wed, 21 Apr 99 10:46:07 EDT
Received: from mamba.cs.Virginia.EDU (mamba.cs.Virginia.EDU [128.143.137.15])
by ares.cs.Virginia.EDU (8.9.2/8.9.2/UVACS-1999030200) with ESMTP id KAA11604;
Wed, 21 Apr 1999 10:46:07 -0400 (EDT)
Received: (from humphrey@localhost)
by mamba.cs.Virginia.EDU (8.9.2/8.9.2) id KAA29858;
Wed, 21 Apr 1999 10:46:07 -0400 (EDT)
Message-Id: <199904211446.KAA29858@mamba.cs.Virginia.EDU>
Date: Wed, 21 Apr 1999 10:46:07 -0400 (EDT)
From: Marty Humphrey <humphrey@cs.virginia.edu>
To: krb5-bugs@MIT.EDU, humphrey@cs.virginia.edu
Subject: Problem in "ksu"
I've found a problem in "ksu".
I want to, in essense, create processes on behalf of another user in
the following manner. Say that I am user "fred" and I want to create a
process for user "barney". I want to do the following: As user "fred",
/usr/local/bin/ksu barney -n barney -c FILE:barney_creds -e /usr/bin/ls
Note that "barney_creds" is a file owned by "fred" (mode 0600), which
contains a copy of barney's credentials. Barney has given Fred a copy
of Barney's ticket(s). Note, that "/usr/bin/ls" is just a simple
binary used for this example.
While I realize that there may be other ways to do this, I believe
that in principle "ksu" is designed to support this.
Currently, here is what happens when I invoke this:
Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: raeburn
Responsible-Changed-When: Sat Jun 23 01:28:11 2001
Responsible-Changed-Why:
The bug in KSU is that authentication and authorization has already
occured, so "/usr/bin/ls" *should* be fine. The fix to this bug can be
found in
krb5_current/src/clients/ksu/main.c
at or around line 855. This is the way it currently is written:
if ((source_uid == 0) || (source_uid == target_uid )){
exec_cmd = cmd;
}
I want it changed to remove the conditional, and always make the
assignment:
exec_cmd = cmd;
My belief is that this is an unnecessary line that the programmer put
it. Note that this is labeled an internal error (as opposed to an
error that should be shown to the user). This bug occurs because we
are attempting to use "ksu" in a manner in which people generally
don't use it. We have to use it this way because we are not allowed
to use "k5login" (nor k5users) --- this is a site-wide security policy
mandated by "higher-ups"; also, we *firmly* believe that this use is
consistent with the spirit and intent of the "ksu" operation.
Thanks,
Marty Humphrey
Research Assistant Professor
UVa Legion Project
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id KAA27222 for <bugs@RT-11.MIT.EDU>; Wed, 21 Apr 1999 10:46:10 -0400
Received: from mail.cs.Virginia.EDU by MIT.EDU with SMTP
id AA08364; Wed, 21 Apr 99 10:46:07 EDT
Received: from mamba.cs.Virginia.EDU (mamba.cs.Virginia.EDU [128.143.137.15])
by ares.cs.Virginia.EDU (8.9.2/8.9.2/UVACS-1999030200) with ESMTP id KAA11604;
Wed, 21 Apr 1999 10:46:07 -0400 (EDT)
Received: (from humphrey@localhost)
by mamba.cs.Virginia.EDU (8.9.2/8.9.2) id KAA29858;
Wed, 21 Apr 1999 10:46:07 -0400 (EDT)
Message-Id: <199904211446.KAA29858@mamba.cs.Virginia.EDU>
Date: Wed, 21 Apr 1999 10:46:07 -0400 (EDT)
From: Marty Humphrey <humphrey@cs.virginia.edu>
To: krb5-bugs@MIT.EDU, humphrey@cs.virginia.edu
Subject: Problem in "ksu"
Show quoted text
>Number: 713
>Category: krb5-clients
>Synopsis: Problem in "ksu"
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Apr 21 10:47:01 EDT 1999
>Last-Modified: Sat Jun 23 01:28:24 EDT 2001
>Originator: Marty Humphrey <humphrey@cs.virginia.edu>
>Organization:
>Release:
>Environment:
>Description:
>Category: krb5-clients
>Synopsis: Problem in "ksu"
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Apr 21 10:47:01 EDT 1999
>Last-Modified: Sat Jun 23 01:28:24 EDT 2001
>Originator: Marty Humphrey <humphrey@cs.virginia.edu>
>Organization:
>Release:
>Environment:
>Description:
I've found a problem in "ksu".
I want to, in essense, create processes on behalf of another user in
the following manner. Say that I am user "fred" and I want to create a
process for user "barney". I want to do the following: As user "fred",
/usr/local/bin/ksu barney -n barney -c FILE:barney_creds -e /usr/bin/ls
Note that "barney_creds" is a file owned by "fred" (mode 0600), which
contains a copy of barney's credentials. Barney has given Fred a copy
of Barney's ticket(s). Note, that "/usr/bin/ls" is just a simple
binary used for this example.
While I realize that there may be other ways to do this, I believe
that in principle "ksu" is designed to support this.
Currently, here is what happens when I invoke this:
Show quoted text
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Fix:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: raeburn
Responsible-Changed-When: Sat Jun 23 01:28:11 2001
Responsible-Changed-Why:
Show quoted text
>Unformatted:
>> Authenticated barney@KERB.REALM
>> ksu[37749651]: 'ksu barney' authenticated barney@KERB.REALM for fred on /dev/ttyq43
>> Account barney: authorization for barney@KERB.REALM for execution of
>> (null) successful
>> ksu[37749651]: Account barney: authorization for barney@KERB.REALM for execution of (null) successful
>> Changing uid to barney (8066)
>> Internal error: command /usr/bin/ls did not get resolved
>> ksu[37749651]: 'ksu barney' authenticated barney@KERB.REALM for fred on /dev/ttyq43
>> Account barney: authorization for barney@KERB.REALM for execution of
>> (null) successful
>> ksu[37749651]: Account barney: authorization for barney@KERB.REALM for execution of (null) successful
>> Changing uid to barney (8066)
>> Internal error: command /usr/bin/ls did not get resolved
The bug in KSU is that authentication and authorization has already
occured, so "/usr/bin/ls" *should* be fine. The fix to this bug can be
found in
krb5_current/src/clients/ksu/main.c
at or around line 855. This is the way it currently is written:
if ((source_uid == 0) || (source_uid == target_uid )){
exec_cmd = cmd;
}
I want it changed to remove the conditional, and always make the
assignment:
exec_cmd = cmd;
My belief is that this is an unnecessary line that the programmer put
it. Note that this is labeled an internal error (as opposed to an
error that should be shown to the user). This bug occurs because we
are attempting to use "ksu" in a manner in which people generally
don't use it. We have to use it this way because we are not allowed
to use "k5login" (nor k5users) --- this is a site-wide security policy
mandated by "higher-ups"; also, we *firmly* believe that this use is
consistent with the spirit and intent of the "ksu" operation.
Thanks,
Marty Humphrey
Research Assistant Professor
UVa Legion Project