Hey all, Anyone know why the NixOS PAM config that gets generated when the sshAgentAuth setting is set to true includes files owned by the user (within that user's home directory)?
It seems like this could be rather insecure, given that an attacker who obtained the ability to write files using the current user's permissions could simply write new SSH keys into these authorized keys files and obtain access to whatever services are configured to allow SSH agent-based authentication (including, perhaps, su and/or sudo) Would it make more sense to change this to reference only the /etc/pam/authorized_keys.d/%u path? Kind regards, -aldiyen
_______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
