Skip Menu |

Download (untitled) / with headers
text/plain 2.3KiB
From Sat May 20 14:03:54 2000
by (8.9.3/8.9.3) with SMTP id OAA25366
for <bugs@RT-11.MIT.EDU>; Sat, 20 May 2000 14:03:53 -0400 (EDT)
Received: from by MIT.EDU with SMTP
id AA02838; Sat, 20 May 00 14:06:09 EDT
Received: (from gtsouder@localhost)
by (8.9.3/8.9.3) id OAA06038;
Sat, 20 May 2000 14:03:52 -0400 (EDT)
Message-Id: <>
Date: Sat, 20 May 2000 14:03:52 -0400 (EDT)
To: krb5-bugs@MIT.EDU
Subject: Bug in util/profile/profile_init.c
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 854
>Category: krb5-libs
>Synopsis: Bug in util/profile/prof_init.c (Krb5-1.1.1)
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sat May 20 14:04:00 EDT 2000
>Originator: Tim Souder

Show quoted text
>Release: krb5-1.1.1
System: SunOS humpty 5.7 Generic_106541-08 sun4u sparc SUNW,Ultra-1
Architecture: sun4

Show quoted text
in lines 45-49 of util/profile/
for (fs = files; !PROFILE_LAST_FILESPEC(*fs); fs++) {
retval = profile_open_file(*fs, &new_file);
/* if this file is missing, skip to the next */
if (retval == ENOENT) {

It assumes that the only acceptable return value (other than a successful
open of the profile file) is ENOENT. If any other error occurs on
any of the files in the PROFILE_PATH (in the files array), the library will
die on an error.

This can be serious if one of the configuration files is readable
(for example, /etc/krb5.conf), while the user does not have the proper
permissions to read another (e.g., /usr/local/etc/krb5.conf). The
method will always exit with a EPERM error.

Show quoted text
Make any profile file in the PROFILE_PATH unreadable (e.g. set
the permissions on /usr/local/etc to 0700 and run any kerberos
utility as a non-root user).

Show quoted text
Perhaps, change the loop to only exit when all of the files in the
profile path are invalid, rather than exiting when any of the files
are invalid.

Show quoted text
fixed in 1.3 (EACCES now non-fatal)