rcache owner should be checked against the effective uid, not the real

author Theodore Tso <tytso@mit.edu>

Tue, 25 Mar 1997 06:16:54 +0000 (06:16 +0000)

committer Theodore Tso <tytso@mit.edu>

Tue, 25 Mar 1997 06:16:54 +0000 (06:16 +0000)
author Theodore Tso <tytso@mit.edu>
Tue, 25 Mar 1997 06:16:54 +0000 (06:16 +0000)
committer Theodore Tso <tytso@mit.edu>
Tue, 25 Mar 1997 06:16:54 +0000 (06:16 +0000)
diff --git a/src/lib/krb5/rcache/ChangeLog b/src/lib/krb5/rcache/ChangeLog

index 1ebc2cffaa6b6cc2f9d4d92155aba8f17ef7a0b3..2ce2ac7cd27daeacff677f2ec43966c674f3518a 100644 (file)
--- a/src/lib/krb5/rcache/ChangeLog
+++ b/src/lib/krb5/rcache/ChangeLog
@@ -1,3 +1,8 @@
+Tue Mar 25 01:15:39 1997  Theodore Y. Ts'o  <tytso@mit.edu>
+
+       * rc_io.c (krb5_rc_io_open): rcache owner should be checked against
+               the effective uid, not the real uid.  [krb5-libs/366]
+
  Sat Feb 22 22:44:15 1997  Richard Basch  <basch@lehman.com>
  
         * Makefile.in: Use some of the new library list build rules in
diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c

index bf11e8ff95aaa9bcd297596d6105dee3102c82c3..3d69c15bd7d7d9a8c004fdd4b2b998d7be7a1562 100644 (file)
--- a/src/lib/krb5/rcache/rc_io.c
+++ b/src/lib/krb5/rcache/rc_io.c
@@ -185,7 +185,7 @@ krb5_error_code krb5_rc_io_open (context, d, fn)
   if ((d->fd = stat(d->fn, &statb)) != -1) {
       uid_t me;
  
-     me = getuid();
+     me = geteuid();
       /* must be owned by this user, to prevent some security problems with
          * other users modifying replay cache stufff */
       if ((statb.st_uid != me) || ((statb.st_mode & S_IFMT) != S_IFREG)) {
author	Theodore Tso <tytso@mit.edu>
	Tue, 25 Mar 1997 06:16:54 +0000 (06:16 +0000)
committer	Theodore Tso <tytso@mit.edu>
	Tue, 25 Mar 1997 06:16:54 +0000 (06:16 +0000)
src/lib/krb5/rcache/ChangeLog		patch \| blob \| history
src/lib/krb5/rcache/rc_io.c		patch \| blob \| history