On Wed, 18 Oct 2006, Clem Taylor wrote:

> /tmp is 1777, but /tmp/.ssh is 0700. When I attempt to login using a
> key that is in authorized_keys, I get "sshd: Authentication refused:
> bad ownership or modes for directory /tmp". If I change the
> permissions of /tmp to 1755, then sshd will allow the login, but
> this causes problems for things not running as root that need to
> write to /tmp.
>
> It seems that sshd is finding the absolute path of the
> authorized_keys file and then stating the first path entry. I'm not
> quite sure why it is checking the top level directory and not the
> permissions of the directory that contains the authorized_keys.

Because someone can change the upper directory (rename its subdirectory)
and effectively replace your authorized_keys with authorized_keys from
some other directory: for example, if there are /a/b/c and /a/d/c and
one can change /a, he can rename /a/b -> /a/X and /a/d -> /a/b -- even
if he cannot change old /a/b, now /a/b/c is his file.

> I'd rather avoid having to separate tmpfs filesystems, so is there
> an easy way to work around this problem? I'm using OpenSSH_3.9p1 and
> OpenSSL 0.9.7e.

If you understand the security implications, simply edit
secure_filename in auth.c and remove the loop "for each component of
the canonical path, walking upwards".

--
Regards,
ASK
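
The upward walk discussed in this message, as an added example that is not part of the original mail and is not OpenSSH's code: a simplified model that checks the file and every parent directory up to "/" and reports the first one that is group- or world-writable or owned by someone other than root or the user. The metadata tables, uid 1000 and the names struct ent, lookup, component_ok and check_chain are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed directory metadata (nothing is read from disk). */
struct ent { const char *path; uid_t uid; mode_t mode; };

static const struct ent tmp_1777[] = {          /* layout from the thread */
    { "/", 0, 0755 }, { "/tmp", 0, 01777 }, { "/tmp/.ssh", 1000, 0700 },
    { "/tmp/.ssh/authorized_keys", 1000, 0600 }, { NULL, 0, 0 } };
static const struct ent tmp_1755[] = {          /* after chmod 1755 /tmp */
    { "/", 0, 0755 }, { "/tmp", 0, 01755 }, { "/tmp/.ssh", 1000, 0700 },
    { "/tmp/.ssh/authorized_keys", 1000, 0600 }, { NULL, 0, 0 } };

static const struct ent *lookup(const struct ent *fs, const char *path) {
    for (; fs->path != NULL; fs++)
        if (strcmp(fs->path, path) == 0) return fs;
    return NULL;
}

/* A component passes when root or the user owns it and neither group
 * nor others can write to it ((mode & 022) == 0). */
static int component_ok(const struct ent *e, uid_t uid) {
    return e != NULL && (e->uid == 0 || e->uid == uid) && (e->mode & 022) == 0;
}

/* Check the file, then every parent up to "/". Returns 0 if all pass,
 * otherwise -1 with the first failing path copied into bad. */
int check_chain(const struct ent *fs, const char *file, uid_t uid,
                char *bad, size_t n) {
    char buf[256];
    snprintf(buf, sizeof buf, "%s", file);
    for (;;) {
        char *slash = strrchr(buf, '/');
        if (slash == NULL || !component_ok(lookup(fs, buf), uid)) {
            snprintf(bad, n, "%s", buf);
            return -1;
        }
        if (strcmp(buf, "/") == 0) return 0;     /* reached the root */
        if (slash == buf) buf[1] = '\0';         /* "/tmp" -> "/" */
        else *slash = '\0';                      /* strip last component */
    }
}

int main(void) {
    char bad[256];
    const char *f = "/tmp/.ssh/authorized_keys";
    if (check_chain(tmp_1777, f, 1000, bad, sizeof bad) != 0)
        printf("refused: bad ownership or modes for %s\n", bad);
    if (check_chain(tmp_1755, f, 1000, bad, sizeof bad) == 0)
        printf("accepted with /tmp at 1755\n");
    return 0;
}
```

With /tmp at 1777 the walk stops at /tmp even though /tmp/.ssh itself is 0700, because any user who can write to an ancestor can perform the rename swap described in the reply.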
