Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: authorized_keys in /tmp/.ssh?

from [Darren Tucker] Network Security [Permanent Link]
Subject: Re: authorized_keys in /tmp/.ssh?
Date: Fri, 20 Oct 2006 00:34:15 +1000
Clem Taylor wrote: 
I'm working on an embedded Linux system that has a read-only jffs2
root file system. /tmp is a tmpfs file system for files that need to
be writable. Anything that needs writable files is symlinked to /tmp.
[...] 
It seems that sshd is finding the absolute path of the authorized_keys
file and then stating the first path entry. I'm not quite sure why it
is checking the top level directory and not the permissions of the
directory that contains the authorized_keys.

The check stops at the user's home directory if the real pathname is within that directory, otherwise it checks every parent directory to the root.

Generally, if a directory is group or world writable then the authorized_keys files and/or the .ssh directory could be renamed and recreated by a third party (the check does not consider the sticky bit, as it's rarely set on home directories).

I'd rather avoid having to separate tmpfs filesystems, so is there an
easy way to work around this problem? I'm using OpenSSH_3.9p1 and
OpenSSL 0.9.7e.

set "StrictModes no" in sshd_config? You could also teach the checks (secure_filename in auth.c) about sticky bits on directories.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Debugging SFTP for openSSH 4.4p1, Darren Tucker
Next by Date:  Re: problem with publickey authentication, Duane Winner
Previous by Thread:  Re: authorized_keys in /tmp/.ssh?, Alexander Klimov
Next by Thread:  Re: authorized_keys in /tmp/.ssh?, Clem Taylor
Indexes:  [Date] [Thread] [Top] [All Lists]