public inbox for linux-nfs@vger.kernel.org
* Kerberos+NFSv4: Security - Multiple sessions with same user. One ticket for all?
@ 2009-08-26 11:46 Carlos André
From: Carlos André @ 2009-08-26 11:46 UTC (permalink / raw)
  To: NFS list, Linux NFSv4 mailing list

I got a strange security issue. I log on via SSH or local console with
my user and get a ticket; then, if local root does su to my user, local root
can access my files.

I'm using CentOS 5.3:
kernel-2.6.18-128.2.1.el5
krb5-workstation-1.6.1-31.el5_3.3


SESSION 1:
-----------------------------------------------------------------
$ ssh root@1.2.3.4
root@1.2.3.4's password:
Last login: Wed Aug 26 08:06:49 2009 from X
[root@KSTATION ~]# su carlos.andre
[carlos.andre@KSTATION root]$ klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_10000)


Kerberos 4 ticket cache: /tmp/tkt10000
klist: You have no tickets cached
[carlos.andre@KSTATION root]$ cd /misc/home/carlos.andre
bash: cd: /misc/home/carlos.andre: Permission denied
[carlos.andre@KSTATION root]$
-----------------------------------------------------------------
[--OK--]


SESSION 2:
-----------------------------------------------------------------
$ ssh carlos.andre@1.2.3.4
carlos.andre@1.2.3.4's password:
Last login: Wed Aug 26 08:01:33 2009 from X
[carlos.andre@KSTATION ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_10000_PPLMqF
Default principal: carlos.andre@X.BR

Valid starting     Expires            Service principal
08/26/09 08:30:12  08/26/09 18:30:12  krbtgt/X.BR@X.BR
        renew until 08/26/09 08:30:12


Kerberos 4 ticket cache: /tmp/tkt10000
klist: You have no tickets cached
[carlos.andre@KSTATION ~]$ cd /misc/home/carlos.andre
[carlos.andre@KSTATION carlos.andre]$ ls -la
total 8
drwxrwx--- 2 carlos.andre users 4096 Aug 21 09:04 .
drwxr-xr-x 3 root         root               0 Aug 26 08:30 ..
[carlos.andre@KSTATION carlos.andre]$
-----------------------------------------------------------------
[--OK--]


NOW BACK TO SESSION 1:
-----------------------------------------------------------------
[carlos.andre@KSTATION root]$ cd /misc/home/carlos.andre
[carlos.andre@KSTATION carlos.andre]$ ls -la
total 8
drwxrwx--- 2 carlos.andre users 4096 Aug 21 09:04 .
drwxr-xr-x 3 root         root               0 Aug 26 08:30 ..
[carlos.andre@KSTATION carlos.andre]$ klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_10000)


Kerberos 4 ticket cache: /tmp/tkt10000
klist: You have no tickets cached
[carlos.andre@KSTATION carlos.andre]$
-----------------------------------------------------------------
[WTF!?!?]

Then, if I log on to someone's machine, the local root user (after 'su' to my
user) will have access to my files on NFS as if there were no Kerberos?? Is this
behavior "correct" or is it a bug?
And stranger still regarding credentials: root 'su'ed to my user doesn't get
credentials, but still has access to my files...

Or am I doing something wrong? -_-'

Thanks.
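The sessions above show the mechanism behind the question: on a Linux NFS client, rpc.gssd locates a credential cache for an upcall by UID (it searches the cache directory for krb5cc_<uid>*), and the kernel then caches the resulting RPCSEC_GSS context per UID, so a ticket obtained in one session serves every process running as that UID on the host, including one reached via su from root, regardless of that process's own KRB5CCNAME. The script below is an added audit helper, not code from the thread or from the krb5/nfs-utils projects; it lists the caches present on a host so an administrator can see which local UIDs currently have NFS access "live" through a cached ticket, and flags caches whose owner does not match the UID in the name or whose mode is wider than 0600. It assumes GNU coreutils `stat` and the FILE:/tmp/krb5cc_<uid>[_suffix] naming seen in the poster's klist output; the directory argument and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the thread): audit Kerberos credential caches on an
# NFS client. For each krb5cc_* file in the cache directory, report the UID
# encoded in the file name, the UID that owns the file and the file mode.
# Assumes GNU coreutils `stat -c` and the krb5cc_<uid>[_suffix] naming that
# rpc.gssd matches by UID when serving a kernel GSS upcall.

audit_krb5_caches() {
    dir="${1:-/tmp}"            # cache directory; /tmp on the poster's box
    for f in "$dir"/krb5cc_*; do
        [ -e "$f" ] || continue # glob did not match anything
        name=$(basename "$f")
        # The UID is the run of digits right after "krb5cc_", up to the next "_".
        name_uid=$(printf '%s\n' "$name" | sed -n 's/^krb5cc_\([0-9][0-9]*\).*/\1/p')
        owner_uid=$(stat -c '%u' "$f")
        mode=$(stat -c '%a' "$f")
        status=OK
        # A cache owned by someone other than the UID in its name is suspicious:
        # gssd will hand that UID's NFS traffic a context built from it.
        [ "$name_uid" = "$owner_uid" ] || status=OWNER_MISMATCH
        # Anything wider than 0600 lets other local users read the ticket itself.
        [ "$mode" = "600" ] || status="$status,MODE_$mode"
        printf '%s name_uid=%s owner_uid=%s mode=%s %s\n' \
            "$name" "$name_uid" "$owner_uid" "$mode" "$status"
    done
}

# Number of distinct UIDs that have at least one cache present, i.e. how many
# local users' NFS access can currently be served by a cached ticket.
count_cache_uids() {
    audit_krb5_caches "$1" | sed 's/.*name_uid=\([0-9]*\).*/\1/' | sort -u | wc -l | tr -d ' '
}
```

Run `audit_krb5_caches /tmp` as root on the client; in the poster's scenario it would list krb5cc_10000_PPLMqF owned by UID 10000, which is exactly the cache session 1 is being served from even though that shell's own klist reports no credentials.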

Thread overview: 5+ messages
2009-08-26 11:46 Kerberos+NFSv4: Security - Multiple sessions with same user. One ticket for all? Carlos André
2009-08-26 11:51 ` Ondrej Valousek
2009-08-26 21:09   ` le wang
2009-08-26 22:31       ` Carlos André
2009-08-26 22:56           ` Trond Myklebust