From: | Dhiraj Mishra <mishra.dhiraj95@gmail.com> |
Date: | Thu, 26 Jul 2018 22:08:51 +0530 |
Subject: | racecondition in posix platformAccess code path |
To: | krb5-bugs@mit.edu |
Dear Team,
File: localauth_k5login.c#L110
I believe this indicates a security flaw, If an attacker can change anything along the path between the call access()
and the files actually used, attacker may exploit the race condition or
a time-of-check, time-of-use race condition, request team to please
have a look and validate.
Thank you
--
Regards
Dhiraj Mishra.
GPG ID : 51720F56 | Finger Print : 1F6A FC7B 05AA CF29 8C1C ED65 3233 4D18 5172 0F56
Dhiraj Mishra.
GPG ID : 51720F56 | Finger Print : 1F6A FC7B 05AA CF29 8C1C ED65 3233 4D18 5172 0F56