#164 [audit, blocking] Static temp file for krb cache
Closed: Fixed 6 years ago Opened 6 years ago by puiterwijk.

conf/config.py:139 (KRB_AUTH_CCACHE_FILE) defines a static cache file for krb5 tickets.
Unless you make sure that the file does not already exist or is owned by the service user with sufficiently closed permissions, this might leak permissions to another user.
Please either use a tempfile.mkstemp()'d file here, or do not set this option by default and do not set a ccache file unless the admin tells you to explicitly.
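
The check and the mkstemp() alternative described in this report, as an added example that is not the project's code. The function names, the `krb5cc_` prefix and the sample files are assumptions made for illustration; `KRB5CCNAME` with a `FILE:` prefix is the usual MIT Kerberos way to point a process at a file ccache.

```python
import os
import stat
import tempfile


def ccache_problem(path, uid=None):
    """Return why an existing ccache path must not be reused, or None if acceptable."""
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted by another user
    except FileNotFoundError:
        return "missing"
    if not stat.S_ISREG(st.st_mode):
        return "not a regular file"
    if st.st_uid != uid:
        return "owned by another user"
    if stat.S_IMODE(st.st_mode) & 0o077:
        return "group/other permissions set"
    return None


def make_private_ccache(directory=None):
    """Create a fresh ccache file (O_EXCL, mode 0600, random name) and return its path."""
    fd, path = tempfile.mkstemp(prefix="krb5cc_", dir=directory)
    os.close(fd)  # callers hand the path, not the descriptor, to Kerberos tools
    return path


def ccache_env(path):
    """Environment for child processes that should use this ccache."""
    env = dict(os.environ)
    env["KRB5CCNAME"] = "FILE:" + path
    return env


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-in for a fixed, predictable ccache path.
        static = os.path.join(d, "static_ccache")
        with open(static, "w"):
            pass
        os.chmod(static, 0o644)
        print("static :", ccache_problem(static))
        private = make_private_ccache(d)
        print("mkstemp:", ccache_problem(private), ccache_env(private)["KRB5CCNAME"])
```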


Metadata Update from @jkaluza:
- Issue assigned to jkaluza

6 years ago

@puiterwijk maybe this is off-topic, but I'd like to ask if a memory ccache could be safer?

Metadata Update from @jkaluza:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

6 years ago

@cqi it would be safer, yes. (well, normally... :)).
