From: assar@FreeBSD.org
To: Robert Watson
Cc: "Brian F. Feldman", security@FreeBSD.org
Subject: Re: PAM/SSH and KerberosIV?
Date: 21 Feb 2001 10:41:39 +0100
In-Reply-To: Robert Watson's message of "Tue, 20 Feb 2001 22:38:02 -0500 (EST)"

Robert Watson writes:
> Any hope of moving to a model with ticket filenames created using
> mkstemp?

That could be done.  The simple patch is, however, to do what ssh was
doing by itself, which would be like the following:

/assar

Index: klogin.c =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_kerberosIV/klogin.c,v retrieving revision 1.11 diff -u -w -u -w -r1.11 klogin.c --- klogin.c 2000/02/24 22:24:37 1.11 +++ klogin.c 2001/02/21 09:39:29 @@ -104,9 +104,11 @@ */ if (strcmp(instance, "root") != 0) - (void)sprintf(tkt_location, "%s%d", TKT_ROOT, pw->pw_uid); + (void)sprintf(tkt_location, "%s%d_%u", TKT_ROOT, pw->pw_uid, + getpid()); else { - (void)sprintf(tkt_location, "%s_root_%d", TKT_ROOT, pw->pw_uid); + (void)sprintf(tkt_location, "%s_root_%d_%u", TKT_ROOT, + pw->pw_uid, getpid()); krbtkfile_env = tkt_location; } (void)krb_set_tkt_string(tkt_location);
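
Review bot: The uid plus getpid() suffix in both sprintf calls is still a guessable name, and nothing in this hunk creates the file exclusively, so if TKT_ROOT points into a shared directory the path can already exist (as a file or a symlink) before the ticket is written; this leaves the mkstemp question quoted above unanswered. Consider building a template from TKT_ROOT and the uid ending in "XXXXXX", creating it with mkstemp(), and passing the resulting name to krb_set_tkt_string(). Separately, getpid() returns a signed pid_t but is formatted with %u, so cast it explicitly or use %d with an (int) cast. The longer string is also still written with unbounded sprintf into tkt_location, whose size is not visible in this hunk; snprintf with the buffer size would make the bound explicit.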