It's already there.

On Sun, Feb 5, 2012 at 2:05 PM, Alec Warner <732...@bugs.launchpad.net> wrote:
> Can we get it in Precise?
>
> On Sun, Feb 5, 2012 at 1:31 PM, Russ Allbery <r...@debian.org> wrote:
> > As of libpam-krb5 4.5, the temporary ticket cache will be written to
> > ccache_dir rather than /tmp if ccache_dir is set. This version is in
> > Debian (and has been for a little bit), but it looks like it's not yet
> > been imported into Ubuntu.
> >
> > ** Changed in: libpam-krb5 (Ubuntu)
> >        Status: New => Fix Committed
> >
> > --
> > You received this bug notification because you are subscribed to the bug
> > report.
> > https://bugs.launchpad.net/bugs/732990
> >
> > Title:
> >   libpam-krb5 writes to /tmp, does not work when disk is full.
> >
> > Status in “libpam-krb5” package in Ubuntu:
> >   Fix Committed
> >
> > Bug description:
> >   Binary package hint: libpam-krb5
> >
> >   When creating a new ticket cache libpam-krb5 stashes the cache in a
> >   temporary location;
> >
> >   api-auth.c:    pamret = pamk5_cache_init_random(args, creds);
> >   api-password.c:    pamret = pamk5_cache_init_random(args, creds);
> >
> >   in cache.c: pamk5_cache_init_random:
> >       char cache_name[] = "/tmp/krb5cc_pam_XXXXXX";
> >       /* Store the obtained credentials in a temporary cache. */
> >       pamret = pamk5_cache_mkstemp(args, cache_name);
> >       if (pamret != PAM_SUCCESS)
> >           return pamret;
> >
> >   If /tmp is full this call fails and the entire pam stack will fail.
> >   When the rootfs is full users kind of expect to be able to do normal
> >   operations such as unlocking their screen or using sudo to gain root
> >   access to delete files.
> >
> >   It would be nice if we could control where the tempfile was written in
> >   /etc/krb5.conf like many of the other pam options.
> >
> >   antarus@goats ~/local/libpam-krb5-4.2 $ lsb_release -rd
> >   Description:    Ubuntu 10.04.1 LTS
> >   Release:        10.04
> >
> >   antarus@goats ~/local/libpam-krb5-4.2 $ apt-cache policy libpam-krb5
> >   libpam-krb5:
> >     Installed: 4.2-1
> >     Candidate: 4.2-1
> >
> >   I expect to be able to configure libpam-krb5 to write to a tmpfs or
> >   something that is harder to fill up. An attacker could fill /tmp and
> >   cause any krb5-based authentication to fail.
> >
> > To manage notifications about this bug go to:
> > https://bugs.launchpad.net/ubuntu/+source/libpam-krb5/+bug/732990/+subscriptions
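
The behaviour the thread describes for libpam-krb5 4.5 (temporary cache created under ccache_dir when it is set, /tmp otherwise), sketched as an added example. This is not libpam-krb5's code; cache_template, cache_create and the command-line argument are hypothetical names chosen for illustration.

```c
/* Added illustration; not libpam-krb5 source. All names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Build "<dir>/krb5cc_pam_XXXXXX"; unset or empty dir falls back to /tmp. */
int cache_template(const char *ccache_dir, char *buf, size_t len)
{
    const char *dir = (ccache_dir && *ccache_dir) ? ccache_dir : "/tmp";
    int n = snprintf(buf, len, "%s/krb5cc_pam_XXXXXX", dir);
    if (n < 0 || (size_t)n >= len) {   /* truncated template: refuse */
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

/* Returns an open fd and leaves the final name in buf, or -1 with errno
 * preserved (ENOSPC, ENOENT, EACCES, ...) so the caller can log the cause. */
int cache_create(const char *ccache_dir, char *buf, size_t len)
{
    int fd, saved;
    if (cache_template(ccache_dir, buf, len) != 0)
        return -1;
    fd = mkstemp(buf);
    if (fd < 0)
        return -1;
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) {  /* enforce 0600 explicitly */
        saved = errno;
        close(fd);
        unlink(buf);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    char name[4096];
    /* Optional first argument stands in for the configured directory. */
    int fd = cache_create(argc > 1 ? argv[1] : NULL, name, sizeof(name));
    if (fd < 0) { perror("cache_create"); return 1; }
    printf("temporary cache: %s\n", name);
    close(fd);
    return unlink(name) != 0;
}
```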