Denis Feklushkin <denis.feklush...@gmail.com> writes: > Need ability to transfer credential in a variable rather than as a > reference to a file in KRB5CCNAME.
> Currently a cgi-script containing an error allows an attacker to gather > all credentials in the /tmp and use them. (Attacker can use credentials > through script with same error, for example.) > Transferring credentials into a script using variable is exclude ability > to collect credintials from files. There are a couple of problems with this, unfortunately. One is that the Kerbeors libraries don't provide you any easy way to do this, so mod_auth_kerb would have to invent a custom encoding format for the credential cache, which would then also have to be implemented in any code that wants to receive the credentials. More seriously, environment variables aren't horribly well-protected against various snooping attacks either and don't really solve your security problem. It's only a little bit harder to steal environment variables from other processes running as the same user. (They're visible in /proc, for instance.) I suspect the best solution would be to combine mod_auth_kerb with suexec so that the CGI scripts and the corresponding credential caches are owned by different users for each CGI script, although I suspect that doesn't work cleanly out of the box. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
