From crawdad@gungnir.fnal.gov Tue Oct 26 18:53:07 1999
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id SAA11462 for <bugs@RT-11.MIT.EDU>; Tue, 26 Oct 1999 18:53:06 -0400
Received: from gungnir.fnal.gov by MIT.EDU with SMTP
id AA08482; Tue, 26 Oct 99 18:13:56 EDT
Received: (from crawdad@localhost)
by gungnir.fnal.gov (8.9.1/8.9.1) id RAA20271;
Tue, 26 Oct 1999 17:13:46 -0500 (CDT)
Message-Id: <199910262213.RAA20271@gungnir.fnal.gov>
Date: Tue, 26 Oct 1999 17:13:46 -0500 (CDT)
From: crawdad@fnal.gov
Reply-To: crawdad@gungnir.fnal.gov
To: krb5-bugs@MIT.EDU
Cc: krbdev@MIT.EDU, crawdad@fnal.gov
Subject: kadm5.acl too generous with permissions on POLICIES
X-Send-Pr-Version: 3.99
>Number: 777
>Category: krb5-admin
>Synopsis: add/delete/modify permission on ANY princ => ALL policies
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Oct 26 18:54:00 EDT 1999
>Last-Modified:
>Originator: Matt Crawford
>Organization:
Fermilab
>Release: krb5-1.0.6 krb5-1.1
>Environment:
System: SunOS gungnir.fnal.gov 5.5.1 Generic_103640-24 sun4u sparc SUNW,Ultra-1
Architecture: sun4
>Description:
If a subject principal P has add, delete, modify or inquire privilege for any target principal T, then P can perform
the corresponding operation (a, d, m, i) on all policies.
This applies to 1.0.6 and 1.1.
>How-To-Repeat:
Add a line "name@REALM d name@REALM" to kadm5.acl and, as that principal, delete a policy. Use caution.
Specific example:
...kadm5.acl contains "person@REALM acdi person/cron@REALM"...
% kadmin -p person
Enter password:
kadmin: addpol -maxlife "3 days" -minlength 27 -minclasses 5 sillypol
kadmin: listpols
get_policies: Operation requires ``list'' privilege while retrieving list.
kadmin: getpol sillypol
Policy: sillypol
Maximum password life: 259200
Minimum password life: 0
Minimum password length: 27
Minimum number of password character classes: 5
Number of old keys kept: 1
Reference count: 0
kadmin: getpol default
Policy: default
Maximum password life: 34560000
Minimum password life: 172800
Minimum password length: 10
Minimum number of password character classes: 2
Number of old keys kept: 5
Reference count: 31
kadmin: delpol sillypol
Are you sure you want to delete the policy "sillypol"? (yes/no): yes
kadmin: getpol sillypol
get_policy: Policy does not exist while retrieving policy "sillypol".
kadmin: q
>Fix:
Workaround: if any such permissions must be given, precede them by a negative permission entry "name@REALM ADMCIL no/such/princ@REALM".
Illustration:
...kadm5.acl now contains "person@REALM ADMCIL no/such/princ@REALM"
before the above entry...
% kadmin -p person
Enter password:
kadmin: addpol -maxlife "3 days" -minlength 27 -minclasses 5 sillypol
add_policy: Operation requires ``add'' privilege while creating policy "sillypol".
kadmin: q
Better fix: in acl_find_entry(), if dest_princ is NULL, accept
only a match with entry->ae_target NULL or "*".
>Audit-Trail:
>Unformatted:
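Added illustration, not part of the report and not kadmind's code: a small C model of the ACL lookup the report describes (first matching entry wins, uppercase letters deny), with a `fixed` switch that applies the target check proposed for acl_find_entry() when dest_princ is NULL. The ACL contents are constructed from the report's two kadm5.acl lines; the function names (acl_allows, find_entry, op_bit) and the bit assignments are hypothetical.

```c
/* Constructed model of kadm5.acl lookup to illustrate report 777; not kadmind's code. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
struct acl_entry { const char *subject; const char *ops; const char *target; };
/* Constructed ACLs: the report's entry alone, and behind the workaround entry. */
static const struct acl_entry acl_plain[] = {
    { "person@REALM", "acdi",   "person/cron@REALM" } };
static const struct acl_entry acl_workaround[] = {
    { "person@REALM", "ADMCIL", "no/such/princ@REALM" },
    { "person@REALM", "acdi",   "person/cron@REALM" } };
/* Permission letters a/d/m/c/i/l as kadm5.acl uses them (bit assignment hypothetical). */
static unsigned op_bit(char c) {
    static const char letters[] = "admcil";
    const char *p = strchr(letters, tolower((unsigned char)c));
    return (p && *p) ? 1u << (p - letters) : 0;
}
/* Lowercase grants, uppercase denies; "ADMCIL" therefore yields an empty mask. */
static unsigned parse_ops(const char *s) {
    unsigned mask = 0;
    for (; *s; s++)
        mask = isupper((unsigned char)*s) ? (mask & ~op_bit(*s)) : (mask | op_bit(*s));
    return mask;
}
/* First matching entry wins. dest_princ is NULL for policy operations.
 * fixed=false reproduces the bug: no target check at all when dest_princ is NULL. */
static const struct acl_entry *find_entry(const struct acl_entry *acl, size_t n,
        const char *subject, const char *dest_princ, bool fixed) {
    for (size_t i = 0; i < n; i++) {
        const char *t = acl[i].target;
        bool any_target = (t == NULL || strcmp(t, "*") == 0);
        if (strcmp(acl[i].subject, subject) != 0) continue;
        if (dest_princ == NULL) {
            if (!fixed || any_target) return &acl[i]; /* fix: require target NULL or "*" */
        } else if (any_target || strcmp(t, dest_princ) == 0)
            return &acl[i];
    }
    return NULL;
}
/* True when subject may perform op (a/d/m/c/i/l) on dest_princ (NULL = a policy). */
bool acl_allows(const struct acl_entry *acl, size_t n, const char *subject,
                const char *dest_princ, char op, bool fixed) {
    const struct acl_entry *e = find_entry(acl, n, subject, dest_princ, fixed);
    return e != NULL && (parse_ops(e->ops) & op_bit(op)) != 0;
}
/* The report's scenarios: 'a' is addpol, 'l' is listpols, 'd' on a principal is delprinc. */
bool bug_addpol(void)          { return acl_allows(acl_plain, 1, "person@REALM", NULL, 'a', false); }
bool bug_listpols(void)        { return acl_allows(acl_plain, 1, "person@REALM", NULL, 'l', false); }
bool fixed_addpol(void)        { return acl_allows(acl_plain, 1, "person@REALM", NULL, 'a', true); }
bool workaround_addpol(void)   { return acl_allows(acl_workaround, 2, "person@REALM", NULL, 'a', false); }
bool workaround_delprinc(void) { return acl_allows(acl_workaround, 2, "person@REALM", "person/cron@REALM", 'd', false); }
```

With the fix applied, an entry whose target is absent or "*" is still the only way to grant policy operations, and principal operations on person/cron@REALM are unaffected by either the fix or the workaround entry.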