[10] RFR 8177085: Accept including .conf files in krb5.conf's includedir
Weijun Wang
weijun.wang at oracle.com
Tue Mar 21 15:13:30 UTC 2017
On 03/21/2017 11:03 PM, Jamil Nimeh wrote:
> Honestly, I can't. I could see a sysadmin maybe moving a file like
> foo.conf maybe to .foo.conf in order to "hide" it, but that wouldn't do
> much now (it will still be processed) and now you have a situation where
> the admin has a file being processed that doesn't readily show up in a
> simple "ls." Point gun at foot, pull trigger.
Hopefully this won't happen.
Before supporting .conf, his old foo.conf was not processed. So he might
have never written that file.
> I don't have a lot of
> experience with Kerberos implementations,
No, I am not asking for Kerberos experience. I just want to know if
people would accidentally create these files. For example, vi will
create .swp. I remember inserting a FAT USB disk into a Mac and some
mysterious files being generated (alternative streams of resources?)
that are "._" plus the original file names. Maybe I can report this to MIT
krb5 and ask if they are afraid of it.
> so I can't think of a case
> where the OS would do something like that. At least not for a
> system-level config file. Maybe if there was a homedir-based conf
> file...sometimes those are made as dot files (e.g. the local .ssh
> directory...but that's a directory with non-hidden conf files inside).
Thanks
Max