From: Carlos André
Subject: Kerberos+NFSv4: Security - Multiple sessions with same user. One ticket for all?
Date: Wed, 26 Aug 2009 08:46:37 -0300
To: NFS list, Linux NFSv4 mailing list

I got a strange security issue. I log on via SSH or local console with my user and get a ticket; then, if local root does su to my user, local root can access my files.

I'm using CentOS 5.3:
kernel-2.6.18-128.2.1.el5
krb5-workstation-1.6.1-31.el5_3.3

SESSION 1:
-----------------------------------------------------------------
$ ssh root@1.2.3.4
root@1.2.3.4's password:
Last login: Wed Aug 26 08:06:49 2009 from X
[root@KSTATION ~]# su carlos.andre
[carlos.andre@KSTATION root]$ klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_10000)

Kerberos 4 ticket cache: /tmp/tkt10000
klist: You have no tickets cached
[carlos.andre@KSTATION root]$ cd /misc/home/carlos.andre
bash: cd: /misc/home/carlos.andre: Permission denied
[carlos.andre@KSTATION root]$
-----------------------------------------------------------------
[--OK--]

SESSION 2:
-----------------------------------------------------------------
$ ssh carlos.andre@1.2.3.4
carlos.andre@1.2.3.4's password:
Last login: Wed Aug 26 08:01:33 2009 from X
[carlos.andre@KSTATION ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_10000_PPLMqF
Default principal: carlos.andre@X.BR

Valid starting     Expires            Service principal
08/26/09 08:30:12  08/26/09 18:30:12  krbtgt/X.BR@X.BR
        renew until 08/26/09 08:30:12

Kerberos 4 ticket cache: /tmp/tkt10000
klist: You have no tickets cached
[carlos.andre@KSTATION ~]$ cd /misc/home/carlos.andre
[carlos.andre@KSTATION carlos.andre]$ ls -la
total 8
drwxrwx--- 2 carlos.andre users 4096 Aug 21 09:04 .
drwxr-xr-x 3 root         root     0 Aug 26 08:30 ..
[carlos.andre@KSTATION carlos.andre]$
-----------------------------------------------------------------
[--OK--]

NOW BACK TO SESSION 1:
-----------------------------------------------------------------
[carlos.andre@KSTATION root]$ cd /misc/home/carlos.andre
[carlos.andre@KSTATION carlos.andre]$ ls -la
total 8
drwxrwx--- 2 carlos.andre users 4096 Aug 21 09:04 .
drwxr-xr-x 3 root         root     0 Aug 26 08:30 ..
[carlos.andre@KSTATION carlos.andre]$ klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_10000)

Kerberos 4 ticket cache: /tmp/tkt10000
klist: You have no tickets cached
[carlos.andre@KSTATION carlos.andre]$
-----------------------------------------------------------------
[WTF!?!?]

Then, if I log on to someone's machine, the local root user (after 'su' to my user) will have access to my files, like NFS without Kerberos?? Is this behavior "correct", or is it a bug? And stranger still, the credentials: root 'su'ed to my user doesn't get credentials, but still has access to my files... Or am I doing something wrong? -_-'

Thanks.
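An added check, not part of the original mail, that makes the observed behaviour visible from the client side. It assumes that the NFS client's rpc.gssd, being a daemon with no view of the su'd shell's KRB5CCNAME, answers the kernel's per-UID upcall by scanning the ccache directory (default /tmp) for files named krb5cc_<uid> or krb5cc_<uid>_* owned by that UID; the function names and the audit output format are this example's own.

```shell
#!/bin/sh
# Added example (not from the original mail). Reports the credential caches
# the NFS client's rpc.gssd could pick up for a UID. Assumed behaviour:
# gssd answers the kernel's per-UID upcall by scanning the ccache directory
# (default /tmp) for krb5cc_<uid> or krb5cc_<uid>_* files owned by that UID,
# and never sees the calling shell's KRB5CCNAME. That is why session 1 above,
# whose klist found nothing, still used the context created by session 2.

# find_uid_ccaches UID [DIR]: print matching cache files owned by UID.
find_uid_ccaches() {
    uid="$1"
    dir="${2:-/tmp}"
    for f in "$dir/krb5cc_$uid" "$dir/krb5cc_${uid}_"*; do
        [ -e "$f" ] || continue                  # skip unmatched glob literal
        owner=$(stat -c %u "$f" 2>/dev/null) || continue
        [ "$owner" = "$uid" ] || continue        # gssd ignores foreign caches
        printf '%s\n' "$f"
    done
}

# count_uid_ccaches UID [DIR]: number of caches gssd could choose from.
count_uid_ccaches() {
    find_uid_ccaches "$1" "$2" | wc -l | tr -d ' '
}

# audit_uid UID [DIR]: explain the mismatch between klist and NFS access.
audit_uid() {
    uid="$1"
    dir="${2:-/tmp}"
    n=$(count_uid_ccaches "$uid" "$dir")
    if [ "$n" -eq 0 ]; then
        echo "uid $uid: no cache in $dir; a gssd upcall for this uid fails"
    else
        echo "uid $uid: $n cache(s) in $dir usable by any process running as uid $uid:"
        find_uid_ccaches "$uid" "$dir" | sed 's/^/  /'
    fi
}

# Stand-alone run: audit the invoking user against the real /tmp.
audit_uid "$(id -u)"
```

On a shared host this is a property of root rather than of Kerberos: root can read any krb5cc_* file in /tmp anyway, so the practical controls are short ticket lifetimes, kdestroy on logout, and not logging in on hosts whose root you do not trust.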