Date:      Wed, 26 Oct 2011 21:06:21 -0500
From:      Harry Coin <harrycoin@aol.com>
To:        freebsd-security@freebsd.org
Subject:   8-stable nfs+kerberos security hole
Message-ID:  <4EA8BC9D.9020406@aol.com>

Kindly note  Re: "[kernel security routines using] getpwnam_r buf too 
small-- nfs assigns root:user to krb5 clients"

PR http://www.freebsd.org/cgi/query-pr.cgi?pr=162009

With patches.

There was another related PR.  In short, the getpw*_r routines call for 
a user buffer in which to put all the strings associated with a passwd 
structure.  Many routines allow only 128 bytes for this.  Others in the 
kernel use 1024 or 2048.  Not a lot of guidance there to work with, eh?

Long gecos info, long principal names, etc. cause these routines to 
fail, but the error doesn't seem to prevent non-privileged nfs clients 
using kerberos security from creating files.  And, those files are owned 
root:user.  Sometimes user:root.  Either way, not so good.

Thanks

Harry Coin
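
The failure mode described in the message above, shown as an added example that is not part of the original post and is not the patch attached to the PR: a getpwnam_r caller that grows its buffer on ERANGE and writes no uid/gid when the lookup fails. The helper name lookup_ids, the PW_BUF_MAX cap and the lookup of "root" are assumptions made for this sketch.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

#define PW_BUF_MAX (1u << 20)   /* assumed upper bound for this example */

/*
 * Hypothetical helper: resolve a user name to uid/gid.
 * Returns 0 on success, ENOENT if no such user, or another errno value.
 * *uid and *gid are written only on success, so a failed lookup can never
 * leave the caller acting on default (e.g. 0 = root) credentials.
 */
int lookup_ids(const char *name, size_t buflen, uid_t *uid, gid_t *gid)
{
    struct passwd pw, *res = NULL;
    char *buf = NULL;
    int rc;
    if (buflen == 0) buflen = 128;  /* the small size the post mentions */
    for (;;) {
        char *nbuf = realloc(buf, buflen);
        if (nbuf == NULL) { rc = ENOMEM; break; }
        buf = nbuf;
        rc = getpwnam_r(name, &pw, buf, buflen, &res);
        if (rc != ERANGE || buflen >= PW_BUF_MAX)
            break;                  /* done, hard error, or cap reached */
        buflen *= 2;                /* entry did not fit: grow and retry */
    }
    if (rc == 0 && res == NULL)
        rc = ENOENT;                /* lookup worked, user does not exist */
    if (rc == 0) {
        *uid = pw.pw_uid;
        *gid = pw.pw_gid;
    }
    free(buf);
    return rc;
}

int main(void)
{
    uid_t uid; gid_t gid;
    int rc = lookup_ids("root", 1, &uid, &gid);  /* 1 byte forces ERANGE first */
    if (rc == 0)
        printf("root -> uid=%lu gid=%lu\n", (unsigned long)uid, (unsigned long)gid);
    else
        fprintf(stderr, "lookup failed (errno %d): deny the request\n", rc);
    return rc != 0;
}
```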