From Tue Oct 26 18:53:07 1999
Date: Tue, 26 Oct 1999 17:13:46 -0500 (CDT)
To: krb5-bugs@MIT.EDU
Cc: krbdev@MIT.EDU,
Subject: kadm5.acl too generous with permissions on POLICIES
X-Send-Pr-Version: 3.99

>Number: 777
>Category: krb5-admin
>Synopsis: add/delete/modify permission on ANY princ => ALL policies
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Oct 26 18:54:00 EDT 1999
>Originator: Matt Crawford
>Release: krb5-1.0.6 krb5-1.1
System: SunOS 5.5.1 Generic_103640-24 sun4u sparc SUNW,Ultra-1
Architecture: sun4

If a subject principal P has add, delete, modify or inquire
privilege for any target principal T, then P can perform
the corresponding operation (a, d, m, i) on all policies.
This applies to 1.0.6 and 1.1.
Add a line "name@REALM d name@REALM" to kadm5.acl and, as that
principal, delete a policy. Use caution.
Specific example:
...kadm5.acl contains "person@REALM acdi person/cron@REALM"...
% kadmin -p person
Enter password:
kadmin: addpol -maxlife "3 days" -minlength 27 -minclasses 5 sillypol
kadmin: listpols
get_policies: Operation requires ``list'' privilege while retrieving list.
kadmin: getpol sillypol
Policy: sillypol
Maximum password life: 259200
Minimum password life: 0
Minimum password length: 27
Minimum number of password character classes: 5
Number of old keys kept: 1
Reference count: 0
kadmin: getpol default
Policy: default
Maximum password life: 34560000
Minimum password life: 172800
Minimum password length: 10
Minimum number of password character classes: 2
Number of old keys kept: 5
Reference count: 31
kadmin: delpol sillypol
Are you sure you want to delete the policy "sillypol"? (yes/no): yes
kadmin: getpol sillypol
get_policy: Policy does not exist while retrieving policy "sillypol".
kadmin: q

Workaround: if any such permissions must be given, precede them by
a negative permission entry "name@REALM ADMCIL no/such/princ@REALM".
...kadm5.acl now contains "person@REALM ADMCIL no/such/princ@REALM"
before the above entry...
% kadmin -p person
Enter password:
kadmin: addpol -maxlife "3 days" -minlength 27 -minclasses 5 sillypol
add_policy: Operation requires ``add'' privilege while creating policy "sillypol".
kadmin: q

Better fix: in acl_find_entry(), if dest_princ is NULL, accept
only a match with entry->ae_target NULL or "*".
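The following is an added example, not code from krb5 or from the report's author. It is a simplified model of kadm5.acl evaluation that reproduces the behaviour described above (an operation with no target principal, such as a policy operation, matching any entry for the subject regardless of that entry's target), and lets the three situations in the report be checked side by side: the original ACL line, the negative-entry workaround placed before it, and the suggested fix in acl_find_entry(). The struct, the sample ACLs, the `fixed` flag, and all function names except acl_find_entry are this example's own assumptions, and target matching is exact-string only (the real ACL code also handles per-component wildcards, which are omitted here).

```c
/*
 * Added example, not krb5 code: a model of kadm5.acl first-match evaluation
 * showing the policy-target bug and its two remedies.  Struct, sample ACLs,
 * the `fixed` flag and helper names are this example's own assumptions;
 * target matching is exact-string only (no per-component wildcards).
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct acl_entry {
    const char *subject;  /* principal the line applies to          */
    const char *perms;    /* lowercase = allow, uppercase = deny     */
    const char *target;   /* target principal, or NULL for "any"     */
};

/* The ACL line from the report (constructed sample data). */
const struct acl_entry report_acl[] = {
    { "person@REALM", "acdi", "person/cron@REALM" },
};
const size_t report_acl_len = sizeof report_acl / sizeof report_acl[0];

/* The same line preceded by the report's negative workaround entry. */
const struct acl_entry workaround_acl[] = {
    { "person@REALM", "ADMCIL", "no/such/princ@REALM" },
    { "person@REALM", "acdi",   "person/cron@REALM" },
};
const size_t workaround_acl_len = sizeof workaround_acl / sizeof workaround_acl[0];

/* An entry with no target at all: intended to cover policies as well. */
const struct acl_entry untargeted_acl[] = {
    { "person@REALM", "acdi", NULL },
};
const size_t untargeted_acl_len = sizeof untargeted_acl / sizeof untargeted_acl[0];

/*
 * Does the entry's target restriction admit this request?  dest == NULL
 * means the operation has no target principal (policy operations).
 * fixed == false reproduces the reported behaviour: a request without a
 * target matches every entry for the subject, whatever its target.
 * fixed == true applies the suggested fix: a request without a target
 * matches only entries whose target is NULL or "*".
 */
static bool target_admits(const struct acl_entry *e, const char *dest, bool fixed)
{
    if (e->target == NULL || strcmp(e->target, "*") == 0)
        return true;          /* untargeted entry applies to everything */
    if (dest == NULL)
        return !fixed;        /* bug: accepted; fix: rejected */
    return strcmp(e->target, dest) == 0;
}

/* First entry whose subject and target both match wins, as in kadm5.acl. */
const struct acl_entry *acl_find_entry(const struct acl_entry *acl, size_t n,
                                       const char *subject, const char *dest,
                                       bool fixed)
{
    for (size_t i = 0; i < n; i++) {
        if (strcmp(acl[i].subject, subject) != 0)
            continue;
        if (!target_admits(&acl[i], dest, fixed))
            continue;
        return &acl[i];
    }
    return NULL;
}

/*
 * Is permission letter `perm` ('a', 'd', 'm', 'i', 'l', ...) granted to
 * `subject` for `dest`?  Only the first matching entry counts; an uppercase
 * letter there (explicit deny), an absent letter, or no entry at all denies.
 */
bool acl_check(const struct acl_entry *acl, size_t n, const char *subject,
               char perm, const char *dest, bool fixed)
{
    const struct acl_entry *e = acl_find_entry(acl, n, subject, dest, fixed);
    if (e == NULL)
        return false;
    return strchr(e->perms, perm) != NULL;
}

int main(void)
{
    /* addpol as person@REALM has no target principal, so dest is NULL. */
    printf("report ACL, addpol, buggy:       %s\n",
           acl_check(report_acl, report_acl_len, "person@REALM", 'a', NULL, false) ? "ALLOWED" : "denied");
    printf("report ACL, addpol, fixed:       %s\n",
           acl_check(report_acl, report_acl_len, "person@REALM", 'a', NULL, true) ? "ALLOWED" : "denied");
    printf("workaround ACL, addpol, buggy:   %s\n",
           acl_check(workaround_acl, workaround_acl_len, "person@REALM", 'a', NULL, false) ? "ALLOWED" : "denied");
    printf("workaround ACL, add person/cron: %s\n",
           acl_check(workaround_acl, workaround_acl_len, "person@REALM", 'a', "person/cron@REALM", false) ? "ALLOWED" : "denied");
    return 0;
}
```

Two things the model makes visible that the transcript above only implies: the workaround relies on first-match order (the ADMCIL line must precede the real grant, since a target-less request matches it first and its uppercase letters deny), and the fix must still let a genuinely untargeted entry such as "person@REALM acdi" govern policy operations, which is why the suggested check accepts a NULL or "*" target rather than rejecting every entry.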