diff options
| author | Russ Allbery <rra@stanford.edu> | 2008-01-19 01:19:15 +0000 |
|---|---|---|
| committer | Russ Allbery <rra@stanford.edu> | 2008-01-19 01:19:15 +0000 |
| commit | b4f2b5bf10e32777b1fcfa8417aa190755247815 (patch) | |
| tree | 86edfe86ae8b0816993ffbcc275fd53d6b9729f9 /NEWS | |
| parent | 71e7dc74a057cfa4dc288d0bc7be0e0f332dcb44 (diff) | |
Note that the file writing change is a security issue.
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 10 |
1 files changed, 5 insertions, 5 deletions
@@ -2,6 +2,11 @@ wallet 0.6 (unreleased) + SECURITY: If -f is used and the output file name with ".new" appended + already exists, unlink it first and then create it safely rather than + truncating it. This is much safer when creating files in a + world-writable directory. + The wallet client can now get the server, port, principal, and remctl type from krb5.conf as well as from compile-time defaults and command-line options. @@ -14,11 +19,6 @@ wallet 0.6 (unreleased) keytab keys into that file rather than moving aside the old keytab and creating a new keytab with only the new keys. - If -f is used and the output file name with ".new" appended already - exists, unlink it first and then create it safely rather than - truncating it. This is much safer when creating files in a - world-writable directory. - Support enforcing a naming policy for wallet objects via a Perl function in the wallet server configuration file. |