[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM and Kerberos

Fair enough. Call setreuid() to swap ui and euid, create the credentials
file, switch uid/euid back.

I can see that renaming files in /tmp in such a situation can be
problematic. But What's the problem with chowning a file in /tmp when
it's being chowned by the same process that created it and the process
is running as root and that file will never be used by root?



On Mon, Aug 14, 2000 at 03:53:53PM -0400, Marc Horowitz wrote:
> A nit: credentials should never be chown'd, and renaming is also not a
> good idea.  They should be created *as* the user.  Otherwise, you can
> get into trouble with interactions with sticky bits, race conditions,
> quotas, permission mapping, or a number of other unix subtleties which
> all vanish when you just call creat() as the user who owns the
> tickets.
> Hopefully, it isn't an inherent property of PAM that you need to use
> chown.
> 		Marc

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []