Date: Mon, 15 Feb 2016 14:59:19 +0100 (CET)
From: Roman Drahtmueller <draht@...altsekun.de>
To: oss-security <oss-security@...ts.openwall.com>
cc: harlowja@...il.com, smoser@...ckies.net
Subject: Re: cloud-init follows symlinks for ssh authorized_keys

[...]
> Again, os.path.isdir follows symlinks, and so do chown and chmod, and
> also the functions underlying write_file. By the way there are some
> more race condition situations happening in the latter function, among
> others, in which directories can be removed or changed around after
> the "ensure" check. Whether or not that constitutes a security issue
> remains to be seen.
>
> Anyway, make of this what you will. Is this a vector? Is this not a
> vector? It's certainly not very robust code in any case.

Wouldn't it be a problem in the set-up much earlier if an unprivileged
user can write to a different user's directories?
A symlink for $HOME/.ssh/authorized_keys may have a practical purpose,
such as a system-wide file for functional users. From this viewpoint, it
doesn't matter if the check is racy or not.

The path walk with the checks if path components to $HOME/.ssh are
writeable for users other than the target user is much more useful in this
context, while it is not necessary either.

>
> Regards,
> Jason

Roman.
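The path walk mentioned in the message above, as an added example that is not part of the original post or of cloud-init's code: it inspects every component from the key file up to the home directory with `lstat` and reports symlinks separately from ownership and write-permission problems, so an intentional link can be accepted by policy. The names `audit_path` and `demo`, the choice to stop at the home directory, and the temporary tree are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_path(target, home, uid):
    """Walk from target up to home and return (path, problem) findings.

    lstat is used so a symlink is inspected itself instead of followed.
    """
    home = os.path.abspath(home)
    cur = os.path.abspath(target)
    if os.path.commonpath([cur, home]) != home:
        raise ValueError("target is not below home")
    findings = []
    while True:
        st = os.lstat(cur)
        if st.st_uid not in (uid, 0):
            findings.append((cur, "foreign owner"))
        if stat.S_ISLNK(st.st_mode):
            findings.append((cur, "symlink"))  # may be intentional
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((cur, "group/other writable"))
        if cur == home:
            return findings
        cur = os.path.dirname(cur)


def demo():
    """Audit three states of a constructed home directory (sample data)."""
    uid = os.getuid()
    home = tempfile.mkdtemp()  # mkdtemp creates the directory with mode 0700
    ssh = os.path.join(home, ".ssh")
    keys = os.path.join(ssh, "authorized_keys")
    os.mkdir(ssh)
    os.chmod(ssh, 0o700)
    with open(keys, "w") as fh:
        fh.write("# constructed sample, no real key\n")
    os.chmod(keys, 0o600)
    problems = lambda: [p for _, p in audit_path(keys, home, uid)]
    result = {"clean": problems()}
    os.chmod(ssh, 0o777)  # any user could now replace authorized_keys
    result["loose"] = problems()
    os.chmod(ssh, 0o700)
    os.remove(keys)
    os.symlink(os.path.join(home, "shared_keys"), keys)  # constructed link
    result["linked"] = problems()
    return result
```

A provisioning step could run such a check before writing keys and refuse to proceed on ownership or permission findings, leaving the symlink finding to local policy.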