> > just a note...
> > it appears the bsdi version of su uses kerbose tickets if kerbose is
> > configured.
>
> Yes, but the BSDI kerberosIV implementation does not appear to
> have the problem (the tf_init() routine which opens the ticket
> file checks to see that the real uid of the process is either
> root or owns the ticket file).
Similarly, my tests on FreeBSD 2.2.2-RELEASE (and above) indicate that the
system is not vulnerable.
Robert N Watson
Junior, Logic+Computation, Carnegie Mellon University http://www.cmu.edu/
Network Administrator, SafePort Network Services http://www.safeport.com/
robert@fledge.watson.org rwatson@safeport.com http://www.watson.org/~robert/