[10] RFR 8177085: Accept including .conf files in krb5.conf's includedir

Weijun Wang weijun.wang at oracle.com
Tue Mar 21 02:18:05 UTC 2017 


On 03/19/2017 11:41 PM, Jamil Nimeh wrote:
> Hi Max,
>
> Do you know if the MIT krb5 code accepts any filename with the .conf
> extension?  So filenames with spaces and periods with a .conf suffix are
> fine?  I just wanted to make sure because your test code doesn't have
> any examples that would go outside the old alphanum, +, _, - set of
> characters (e.g. "foo.bar yak.config") but should otherwise be OK
> because it ends with .conf.  If that's the desired behavior then that's
> fine, I was more curious than anything else.  Maybe not a big deal
> because I think even "a.conf" would run down the same codepath as
> "foo.bar yak.config".

The MIT krb5 code has

     if (len >= 5 && !strcmp(filename + len - 5, ".conf"))
         return 1;

So even a bare ".conf" is allowed. My understanding of the old rule is 
to exclude OS-generated files like .DS_Store and desktop.ini. Do you 
know of any possibilities that a "*.conf" file will be generated this way?

As for the test, we can say "k4.conf" already contains "." which was not 
allowed before.

>
> Nit: Test code, line 110, looks like there are a couple spaces where
> you're chaining methods together that you don't do elsewhere in the
> code.  Is that intentional?

No. I cannot remember where the spaces come from. Maybe after breaking 
and joining lines in vi?

Thanks
Max

>
> Otherwise looks good.
>
> Thanks,
> --Jamil
>
> On 3/19/2017 1:35 AM, Weijun Wang wrote:
>> Please review the code change at
>>
>>    http://cr.openjdk.java.net/~weijun/8177085/webrev.00/
>>
>> This is to be consistent with MIT krb5 [1]
>>
>>  "Including a directory includes all files within the directory whose
>> names consist solely of alphanumeric characters, dashes, or
>> underscores. Starting in release 1.15, files with names ending in
>> ”.conf” are also included."
>>
>> New case added to test. Also some rename to make it clearer.
>>
>> Thanks
>> Max
>>
>> [1]
>> http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
>>
>

More information about the security-dev mailing list