[Bug 1471] sshd can block if authorized_keys is a named pipe

bugzilla-daemon at bugzilla.mindrot.org
Mon Jun 16 17:38:40 EST 2008


https://bugzilla.mindrot.org/show_bug.cgi?id=1471


Solar Designer <solar at openwall.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |solar at openwall.com




--- Comment #3 from Solar Designer <solar at openwall.com>  2008-06-16 17:38:34 ---
I'd add O_NOCTTY.  On some systems it is a no-op, but on others it
makes a difference.

Also, a maximum size check both before and during reads could make
sense, but it is not clear what the limit should be (1 MB maybe? or
would anyone want to put thousands of keys on an account?)

I suppose O_NOFOLLOW would break some existing setups and it does not
buy all that much (at least not when arbitrary hard links are allowed
by the kernel and there are interesting things on the same device).

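
The checks discussed in comment #3, as an added example that is not part of the original comment and is not OpenSSH's code: open with O_NOCTTY, refuse files over a size limit before reading, and enforce the same limit during reads. The function name, the EINVAL/EFBIG error codes, the regular-file check and O_NONBLOCK (so that open() cannot block on the named pipe from the bug title) are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Read a user-controlled key file into buf (at least max_bytes long), refusing
 * anything that is not a regular file of at most max_bytes.
 * Returns the number of bytes read, or -1 with errno set.
 * O_NONBLOCK is this example's assumption: it keeps open() from blocking
 * on a FIFO that has no writer. */
ssize_t read_keyfile_bounded(const char *path, char *buf, size_t max_bytes)
{
    struct stat st;
    size_t total = 0;
    int saved, fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);

    if (fd == -1) return -1;
    if (fstat(fd, &st) == -1) goto fail;
    if (!S_ISREG(st.st_mode)) { errno = EINVAL; goto fail; }          /* FIFO, tty, device */
    if (st.st_size > (off_t)max_bytes) { errno = EFBIG; goto fail; }  /* check before reads */
    for (;;) {
        char extra; /* once buf is full, probe one more byte to catch growth */
        ssize_t n = total < max_bytes ? read(fd, buf + total, max_bytes - total)
                                      : read(fd, &extra, 1);
        if (n == -1 && errno == EINTR) continue;
        if (n == -1) goto fail;
        if (n == 0) break;                                            /* end of file */
        if (total == max_bytes) { errno = EFBIG; goto fail; }         /* check during reads */
        total += (size_t)n;
    }
    close(fd);
    return (ssize_t)total;
fail:
    saved = errno;   /* close() may overwrite errno */
    close(fd);
    errno = saved;
    return -1;
}

int main(int argc, char **argv)
{
    static char buf[1 << 20];   /* 1 MB, the limit floated in the comment */
    ssize_t n = read_keyfile_bounded(argc > 1 ? argv[1] : "authorized_keys", buf, sizeof buf);
    if (n == -1) { perror("rejected"); return 1; }
    printf("read %ld bytes\n", (long)n);
    return 0;
}
```

O_NOFOLLOW is left out here, matching the comment's concern that it would break existing setups.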