-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MIT krb5 Security Advisory 2006-001
Original release: 2006-08-08
Topic: multiple local privilege escalation vulnerabilities
Severity: serious
SUMMARY
===
In certain application programs packaged in the MIT Kerberos 5 source
di
Hi Tom,
I implemented the changes suggested by you for "MIT krb5 Security Advisory
2006-001" in the ksu utility. I am always observing below message when I
exit from the ksu shell. I tested it on AIX and Linux. Behavior is same.
--
# ksu tester
Changing uid
> "Sachin" == Sachin Punadikar <[EMAIL PROTECTED]> writes:
Sachin> Hi Tom,
Sachin> I implemented the changes suggested by you for "MIT krb5 Security
Advisory
Sachin> 2006-001" in the ksu utility. I am always observing below message when I
Sachin> exit from the ksu shell. I tested it on AIX an
> "Tom" == Tom Yu <[EMAIL PROTECTED]> writes:
Tom> This sounds like a bug in the patch. Try moving the krb5_seteuid(0)
Tom> call to before the if-statement (so its return value gets
Tom> ignored... this is safe for seteuid(0) but not for seteuid(not_zero)).
Tom> I think the krb5_seteuid(0) ca
Tom,
I tried code changes suggested by you, and it works fine. Now it is working
as it was working before.
Thanks a lot.
- Sachin.
On 8/16/06, Tom Yu <[EMAIL PROTECTED]> wrote:
>
> > "Tom" == Tom Yu <[EMAIL PROTECTED]> writes:
>
> Tom> This sounds like a bug in the patch. Try moving the krb5
