AW: AuthorizedKeysCommand support added
Damien Miller
djm at mindrot.org
Thu Nov 1 02:57:35 EST 2012
On Wed, 31 Oct 2012, Fiedler Roman wrote:
> Hi,
>
> Just curious:
>
> > ...
> > The program is executed (directly, not via the shell) with a single
> > argument of the user being logged in. It produces on stdout zero or more
> > lines in authorized_keys format. The program must terminate normally and
> > with a zero exit status or its output is disregarded.
> >
> > The program is executed as the user being logged in, unless a different
> > user is specified using AuthorizedKeysCommandUser.
>
> Does this allow:
>
> * Login as user x
> * Fork a daemon process to stay alive after logout
> * Logout
> * Login again
> * Let the daemon process running as x attach to the key-fetch-script running as x, take over fds, ..
> * Let key-fetch-script return something nice
>
> This would of course only work, if e.g. ptrace-attach to non-children
> with same UID is allowed, which is OK on older kernels/distros, new
> ones should block that.

Well, it would let you break into your own account. This is a risk of using
the target user for the login script, which is something we explicitly
recommend against.

-d
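
A key-lookup helper that follows the contract quoted above (one argument, authorized_keys lines on stdout, zero exit status) and refuses to run as the user being logged in. This is an added example, not part of the original message or of OpenSSH; the `sshkeys` account, the paths, `KEY_DIR`, `RUN_AS` and `lookup_keys` are assumptions.

```shell
#!/bin/sh
# Added example, not OpenSSH code. Hypothetical names: KEY_DIR, RUN_AS,
# lookup_keys, the "sshkeys" account and the paths below.
#
# Assumed sshd_config for this script:
#   AuthorizedKeysCommand     /usr/local/libexec/lookup-keys
#   AuthorizedKeysCommandUser sshkeys   # dedicated account, never the login user

KEY_DIR=${KEY_DIR:-/etc/ssh/user-keys}   # assumed root-owned, one <user>.pub each

# lookup_keys USER: print USER's keys in authorized_keys format.
# Returns 0 with zero or more lines; non-zero makes sshd disregard the output.
lookup_keys() {
    user=$1
    run_as=${RUN_AS:-$(id -un)}          # RUN_AS override exists for testing only

    # Refuse to run as the account being authenticated: a process that user
    # left behind has the same UID as this helper and could interfere with it.
    if [ "$run_as" = "$user" ]; then
        echo "refusing to run as target user; set AuthorizedKeysCommandUser" >&2
        return 1
    fi

    # The argument comes from the connecting client; accept only plain
    # account names so it cannot point outside KEY_DIR.
    case $user in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac

    file=$KEY_DIR/$user.pub
    [ -f "$file" ] || return 0           # unknown user: zero lines, success

    # Emit only non-blank, non-comment lines; grep status 1 (nothing
    # selected) is still success, status 2 (read error) is not.
    grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$file" || [ "$?" -eq 1 ]
}

# sshd passes exactly one argument, the login name.
if [ "$#" -eq 1 ]; then
    lookup_keys "$1"
    exit $?
fi
```

sshd additionally requires the command to be given as an absolute path, owned by root and not writable by group or others.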