Can we get it in Precise?

On Sun, Feb 5, 2012 at 1:31 PM, Russ Allbery <r...@debian.org> wrote:
> As of libpam-krb5 4.5, the temporary ticket cache will be written to
> ccache_dir rather than /tmp if ccache_dir is set.  This version is in
> Debian (and has been for a little bit), but it looks like it's not yet
> been imported into Ubuntu.
>
> ** Changed in: libpam-krb5 (Ubuntu)
>       Status: New => Fix Committed
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/732990
>
> Title:
>  libpam-krb5 writes to /tmp, does not work when disk is full.
>
> Status in “libpam-krb5” package in Ubuntu:
>  Fix Committed
>
> Bug description:
>  Binary package hint: libpam-krb5
>
>  When creating a new ticket cache libpam-krb5 stashes the cache in a
>  temporary location;
>
>  api-auth.c:        pamret = pamk5_cache_init_random(args, creds);
>  api-password.c:        pamret = pamk5_cache_init_random(args, creds);
>
>  in cache.c: pamk5_cache_init_random:
>      char cache_name[] = "/tmp/krb5cc_pam_XXXXXX";
>      /* Store the obtained credentials in a temporary cache. */
>      pamret = pamk5_cache_mkstemp(args, cache_name);
>      if (pamret != PAM_SUCCESS)
>          return pamret;
>
>  If /tmp is full this call fails and the entire pam stack will fail.
>  When the rootfs is full users kind of expect to be able to do normal
>  operations such as unlocking their screen or using sudo to gain root
>  access to delete files.
>
>  It would be nice if we could control where the tempfile was written in
>  /etc/krb5.conf like many of the other pam options.
>
>  antarus@goats ~/local/libpam-krb5-4.2 $ lsb_release -rd
>  Description:    Ubuntu 10.04.1 LTS
>  Release:        10.04
>
>  antarus@goats ~/local/libpam-krb5-4.2 $ apt-cache policy libpam-krb5
>  libpam-krb5:
>    Installed: 4.2-1
>    Candidate: 4.2-1
>
>  I expect to be able to configure libpam-krb5 to write to a tmpfs or
>  something that is harder to fill up.  An attacker could fill /tmp and
>  cause any krb5-based authentication to fail.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/libpam-krb5/+bug/732990/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
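
The bug report above describes a temporary cache template hard-coded to /tmp, and the reply says 4.5 uses ccache_dir when it is set. The C sketch below is an example added here, not part of the original thread and not libpam-krb5's own code. It shows that pattern: build the mkstemp() template from a configured directory and fall back to /tmp. The function name temp_cache_create and its parameters are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * temp_cache_create() is a hypothetical helper, not libpam-krb5 code.
 * It creates the temporary ticket cache file under ccache_dir when that is
 * set and falls back to /tmp otherwise.  On success it returns an open
 * descriptor and leaves the generated path in out.  On failure it returns
 * -1 with errno set: ENAMETOOLONG if out is too small, otherwise whatever
 * mkstemp() reported (for example ENOENT for a missing directory).
 */
int temp_cache_create(const char *ccache_dir, char *out, size_t outlen)
{
    const char *dir = "/tmp";
    int n;

    if (ccache_dir != NULL && ccache_dir[0] != '\0')
        dir = ccache_dir;
    n = snprintf(out, outlen, "%s/krb5cc_pam_XXXXXX", dir);
    if (n < 0 || (size_t) n >= outlen) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* mkstemp() replaces XXXXXX and opens with O_CREAT|O_EXCL, mode 0600. */
    return mkstemp(out);
}

/* Usage: ./a.out [ccache_dir]   (for example a small tmpfs mount point) */
int main(int argc, char **argv)
{
    char path[4096];
    int fd = temp_cache_create(argc > 1 ? argv[1] : NULL, path, sizeof(path));

    if (fd < 0) {
        fprintf(stderr, "temporary cache in %s: %s\n",
                argc > 1 ? argv[1] : "/tmp", strerror(errno));
        return 1;
    }
    printf("temporary cache created at %s\n", path);
    close(fd);
    unlink(path);
    return 0;
}
```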
