Date: Mon, 15 Feb 2016 14:59:19 +0100 (CET)
From: Roman Drahtmueller <draht@...altsekun.de>
To: oss-security <oss-security@...ts.openwall.com>
cc: harlowja@...il.com, smoser@...ckies.net
Subject: Re: cloud-init follows symlinks for ssh
 authorized_keys

[...]
> Again, os.path.isdir follows symlinks, and so do chown and chmod, and
> also the functions underlying write_file. By the way there are some
> more race condition situations happening in the latter function, among
> others, in which directories can be removed or changed around after
> the "ensure" check. Whether or not that constitutes a security issue
> remains to be seen.
> 
> Anyway, make of this what you will. Is this a vector? Is this not a
> vector? It's certainly not very robust code in any case.

Wouldn't it be a problem in the set-up much earlier if an unprivileged 
user can write to a different user's directories? 
A symlink for $HOME/.ssh/authorized_keys may have a practical purpose, 
such as a system-wide file for functional users.
From this viewpoint, it doesn't matter if the check is racy or not. 

The path walk with the checks if path components to $HOME/.ssh are 
writeable for users other than the target user is much more useful in 
this context, while it is not necessary either.

> 
> Regards,
> Jason

Roman.
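
The path walk mentioned in the reply above, sketched as an added example that is not part of the original message or of cloud-init's code. The function name `path_walk_findings`, the `root` starting point and the `trusted_uids` default are assumptions made for illustration; symlinks are tolerated and judged by what they point to.

```python
import os
import stat
import sys
import tempfile

def path_walk_findings(root, target, owner_uid, trusted_uids=(0,)):
    """Walk root -> target; list (path, reason) for each component that a
    uid other than owner_uid or trusted_uids is able to modify."""
    allowed = {owner_uid, *trusted_uids}
    root, target = os.path.abspath(root), os.path.abspath(target)
    if os.path.commonpath([root, target]) != root:
        raise ValueError("target must be below root")
    rel = os.path.relpath(target, root)
    findings, current = [], root
    for part in [""] + ([] if rel == os.curdir else rel.split(os.sep)):
        current = os.path.join(current, part) if part else current
        try:
            st = os.lstat(current)
        except FileNotFoundError:
            break  # not created yet, so nothing below it exists either
        if st.st_uid not in allowed:
            findings.append((current, "owned by uid %d" % st.st_uid))
        if stat.S_ISLNK(st.st_mode):
            # A symlink is tolerated (e.g. a system-wide key file); its own
            # mode bits mean nothing on Linux, so judge what it points to.
            # Limitation: the target's parent directories are not walked.
            try:
                st = os.stat(current)
            except OSError:
                findings.append((current, "unresolvable symlink"))
                break
            if st.st_uid not in allowed:
                findings.append((current, "target owned by uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((current, "group/other writable (mode %o)"
                             % stat.S_IMODE(st.st_mode)))
    return findings

if __name__ == "__main__":
    # Constructed demo tree, or pass: <root> <target> <uid>
    if len(sys.argv) == 4:
        root, target, uid = sys.argv[1], sys.argv[2], int(sys.argv[3])
    else:
        root, uid = tempfile.mkdtemp(), os.getuid()
        target = os.path.join(root, "home", "alice", ".ssh", "authorized_keys")
        os.makedirs(os.path.dirname(target))
        os.chmod(os.path.dirname(target), 0o777)  # deliberately too open
    for path, reason in path_walk_findings(root, target, uid):
        print(path, "->", reason)
```

An empty result means every existing component from `root` down to the key file is owned by the target user or a trusted uid and is not group- or world-writable.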
