Subject: Re: SSH and sticky mode in directories
To: None <firstname.lastname@example.org>
From: Christos Zoulas <email@example.com>
Date: 12/20/2007 21:55:36
In article <60CF69D6-FD26-47D5-B72B-1B91D46D5D39@ac.upc.edu>,
Julio M. Merino Vidal <firstname.lastname@example.org> wrote:
>First of all, I'm not sure if this message really belongs to this
>list, but I think it can be properly discussed here. (OK, surely
>not, it should be put in the OpenSSH mailing list, whatever it is,
>but I first would like to hear some comments here.)
>I'm trying to set up some automated tests for psshfs, and to do that
>I automatically configure a new SSH server (running as an
>unprivileged user or root, it does not matter). The test uses a
>secure subdirectory in /tmp (such as /tmp/atf.123456) to store all of
>its files, which include the configuration files for the SSH server
>as well as all the user's keys and authorized_keys files (generated
>at run time to do a temporary password-less login).
>The problem I'm having is that the server refuses to open the
>authorized_keys file because one of its path components is a
>group/other-writable directory (that is, /tmp). And I think that's
>incorrect, because it should also take into account the fact that the
>directory has the sticky bit set. If that bit is set, I don't see
>how being group/other-writable is a problem. Can anybody see any
>security implications of relaxing this permission check to make sure
>that the directory is not group/other-writable or, if it is, it is
>also marked as sticky?
>If you think this is OK, can we have this fix committed to our copy
>of SSH, or should it be first passed through the OpenSSH developers?
>While looking at the code, I've found that many different files
>opened by it can suffer from this problem, so I've mechanically fixed
>all the occurrences of similar code. Patch below, just for review
I'd pass it to the OpenSSH folks first.
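
The per-component rule discussed in this thread, as an added example: this is not OpenSSH's code and not the patch referred to above. `component_ok` and `check_path` are hypothetical names, and `allow_sticky=1` models the proposed relaxation so that both rules can be compared on the same path.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* realpath(), S_ISVTX under strict -std= */
#endif
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* One path component. allow_sticky=0 is the strict rule from the message;
 * allow_sticky=1 is the relaxation proposed there (assumption of this example). */
int component_ok(const struct stat *st, uid_t uid, int allow_sticky)
{
    if (st->st_uid != 0 && st->st_uid != uid)
        return 0;                       /* owned by some other user */
    if ((st->st_mode & (S_IWGRP | S_IWOTH)) == 0)
        return 1;                       /* not group/other-writable */
    /* Writable by others: tolerated only for a sticky directory, where
     * others cannot rename or remove entries they do not own. */
    return allow_sticky && S_ISDIR(st->st_mode) && (st->st_mode & S_ISVTX) != 0;
}

/* Walk from `path` up to `top` (canonical path, inclusive) or "/".
 * Returns 1 if all components pass, 0 if one fails (copied to `bad`), -1 on error. */
int check_path(const char *path, const char *top, uid_t uid,
               int allow_sticky, char bad[PATH_MAX])
{
    char buf[PATH_MAX];
    struct stat st;

    if (realpath(path, buf) == NULL)
        return -1;
    for (;;) {
        if (stat(buf, &st) != 0)
            return -1;
        if (!component_ok(&st, uid, allow_sticky)) {
            strcpy(bad, buf);           /* report the offending component */
            return 0;
        }
        if (strcmp(buf, top) == 0 || strcmp(buf, "/") == 0)
            return 1;
        char *slash = strrchr(buf, '/');    /* step up to the parent */
        if (slash == buf) buf[1] = '\0'; else *slash = '\0';
    }
}
```

Even with the relaxation, a sticky directory owned by a different non-root user is still rejected, because a directory's owner can remove or rename entries in it regardless of the sticky bit.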