Perhaps it should be made configurable (on a per service basis), with a more secure/best-practice type default, so it can be overridden as needed? I would be happy to make the necessary changes and make a pull request if so
On 1/13/15, 8:26 AM, "Eelco Dolstra" <[email protected]> wrote:
> Hi,
>
> On 13/01/15 05:00, aldiyen wrote:
>
>> Anyone know why the NixOS PAM config that gets generated when the sshAgentAuth
>> setting is set to true includes files owned by the user (within that user's home
>> directory)?
>>
>> It seems like this could be rather insecure, given that an attacker who obtained
>> the ability to write files using the current user's permissions could simply
>> write new SSH keys into these authorized keys files and obtain access to
>> whatever services are configured to allow SSH agent-based authentication
>> (including, perhaps, su and/or sudo)
>>
>> Would it make more sense to change this to reference only the
>> /etc/pam/authorized_keys.d/%u path?
>
> I'm inclined to agree, but it's worth noting that the use of user-owned
> authorized key files is sanctioned by the pam_ssh_agent_auth manpage:
>
> http://pamsshagentauth.sourceforge.net/
>
> --
> Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
> _______________________________________________
> nix-dev mailing list
> [email protected]
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
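An added example (not from the thread or from NixOS) of the check the discussion implies: audit generated PAM lines for pam_ssh_agent_auth `file=` entries that expand into the user's home directory (`~` or `%h`), and rewrite a line so only root-owned paths such as `/etc/ssh/authorized_keys.d/%u` remain. It assumes the colon-separated `file=` list form and uses a constructed sample config.

```python
import re

# Placeholders in pam_ssh_agent_auth's file= option that expand to the
# authenticating user's home directory, i.e. a file that user can write.
USER_HOME_PREFIXES = ("~", "%h")

def parse_key_files(pam_line):
    """Return the paths listed in file= on a pam_ssh_agent_auth line, else [].
    Assumption: several files are given colon-separated (the NixOS form)."""
    if pam_line.lstrip().startswith("#") or "pam_ssh_agent_auth" not in pam_line:
        return []
    m = re.search(r"(?:^|\s)file=(\S+)", pam_line)
    return m.group(1).split(":") if m else []

def is_user_controlled(path):
    """True when the key file lives under the user's own home directory."""
    return path.startswith(USER_HOME_PREFIXES)

def audit(pam_config):
    """Return (line number, path) for every user-controlled key file found."""
    findings = []
    for lineno, line in enumerate(pam_config.splitlines(), 1):
        for path in parse_key_files(line):
            if is_user_controlled(path):
                findings.append((lineno, path))
    return findings

def harden(pam_line):
    """Drop user-controlled entries from file=, keeping root-owned ones only."""
    paths = parse_key_files(pam_line)
    kept = [p for p in paths if not is_user_controlled(p)]
    if not paths or kept == paths:
        return pam_line
    if not kept:
        raise ValueError("no root-owned key file left; add /etc/ssh/authorized_keys.d/%u")
    return re.sub(r"file=\S+", lambda _: "file=" + ":".join(kept), pam_line)

# Constructed sample mirroring the generated config discussed in the thread.
SAMPLE = """\
auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys:/etc/ssh/authorized_keys.d/%u
auth sufficient pam_ssh_agent_auth.so file=/etc/ssh/authorized_keys.d/%u
auth required pam_unix.so
"""

if __name__ == "__main__":
    for lineno, path in audit(SAMPLE):
        print(f"line {lineno}: user-controlled key file {path}")
    print(harden(SAMPLE.splitlines()[0]))
```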
