On Fri, 19 Jan 2007 09:53:23 -0600 Kirk Strauser wrote:

>> Why not?  Group write is plenty enough for someone else to replace the
>> .ssh directory with another one, so sshd checks for that.
>
> To replace it with another 700 directory owned by the user, containing a 40=
> file also owned by the user?

That obviously isn't possible - at least not directly. I would be
feasible to replace and existing ssh_config in the user's directory if
this had too liberal rights and the file were located at ~, not ~/.ssh/.
If the attacker got at the config-file he or she could put in a new
position for the authorized_keys and thus replace the file. All very
theoretical and not likely since the defaults of FreeBSD won't allow it.
root must mess up for this one. Does root ever mess up? :-)

I think it's more likely that the sshd only checks this one directory in
case of public key authentification. If it is group- or world- writable
it doesn't trust the key file. Checking the exact location and the file
itself if there is any chance it could be tampered with would result in
a more complex algorithm and complexity is something you try to avoid in
security matters.

Regards
Chris
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to