[Bug 732990] Re: libpam-krb5 writes to /tmp, does not work when disk is full.
Steve Langasek
steve.langasek at canonical.com
Mon Feb 6 21:43:39 UTC 2012
Only in response to this report ;)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libpam-krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/732990
Title:
libpam-krb5 writes to /tmp, does not work when disk is full.
Status in “libpam-krb5” package in Ubuntu:
Fix Released
Bug description:
Binary package hint: libpam-krb5
When creating a new ticket cache libpam-krb5 stashes the cache in a
temporary location;
api-auth.c: pamret = pamk5_cache_init_random(args, creds);
api-password.c: pamret = pamk5_cache_init_random(args, creds);
in cache.c: pamk5_cache_init_random:
char cache_name[] = "/tmp/krb5cc_pam_XXXXXX";
/* Store the obtained credentials in a temporary cache. */
pamret = pamk5_cache_mkstemp(args, cache_name);
if (pamret != PAM_SUCCESS)
return pamret;
If /tmp is full this call fails and the entire pam stack will fail.
When the rootfs is full users kind of expect to be able to do normal
operations such as unlocking their screen or using sudo to gain root
access to delete files.
It would be nice if we could control where the tempfile was written in
/etc/krb5.conf like many of the other pam options.
antarus at goats ~/local/libpam-krb5-4.2 $ lsb_release -rd
Description: Ubuntu 10.04.1 LTS
Release: 10.04
antarus at goats ~/local/libpam-krb5-4.2 $ apt-cache policy libpam-krb5
libpam-krb5:
Installed: 4.2-1
Candidate: 4.2-1
I expect to be able to configure libpam-krb5 to write to a tmpfs or
something that is harder to fill up. An attacker could fill /tmp and
cause any krb5-based authentication to fail.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpam-krb5/+bug/732990/+subscriptions
More information about the foundations-bugs
mailing list