Clem Taylor wrote:
I'm working on an embedded Linux system that has a read-only jffs2
root file system. /tmp is a tmpfs file system for files that need to
be writable. Anything that needs writable files is symlinked to /tmp.
[...]
It seems that sshd is finding the absolute path of the authorized_keys
file and then stating the first path entry. I'm not quite sure why it
is checking the top level directory and not the permissions of the
directory that contains the authorized_keys.
The check stops at the user's home directory if the real pathname is
within that directory, otherwise it checks every parent directory to the
root.
Generally, if a directory is group or world writable then the
authorized_keys files and/or the .ssh directory could be renamed and
recreated by a third party (the check does not consider the sticky bit,
as it's rarely set on home directories).
I'd rather avoid having to separate tmpfs filesystems, so is there an
easy way to work around this problem? I'm using OpenSSH_3.9p1 and
OpenSSL 0.9.7e.
set "StrictModes no" in sshd_config? You could also teach the checks
(secure_filename in auth.c) about sticky bits on directories.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
