patch to send incoming key to AuthorizedKeysCommand via stdin

Eldon Koyle esk-openssh at esk.cs.usu.edu
Sat Mar 22 10:59:13 EST 2014


On  Mar 21 13:56-0400, Scott Duckworth wrote:
> On Fri, Mar 21, 2014 at 12:15 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net>
> wrote:
> > those limits suggest that the size is 128kiB on anything resembling a
> > modern Linux system.
> 
> How about other platforms?

It looks like they are all over the place.  See:
 http://www.in-ulm.de/~mascheck/various/argmax/#results
for some actual numbers (however a lot of those seem to be pretty
obscure *NIX variants).


> > ssh-keygen doesn't generate anything greater than 16384 bits (16Kib, or
> > 2KiB), and very few people use anything even close to that size.  using
> > base64 encoding inflates the size to 4/3, so we're talking about < 3KiB
> > for the full base64-encoded, largest possible public key.
> >
> > More modern keys (EdDSA or ECDSA) are much much smaller.
> >
> > I'm glad you're thinking about size limits for env and argv, but i don't
> > think this is even close to the size limits of realistic systems.
> 
> Even though ssh-keygen doesn't produce anything larger than 16384 bits,
> wouldn't it be possible for somebody to craft a key that is larger to
> attempt a buffer overflow?
<snip>

You can check sysconf(_SC_ARG_MAX) to get an idea of the size limit.
See:
	http://www.in-ulm.de/~mascheck/various/argmax/
for more detailed information.

Also, setenv/putenv should return an error rather than overflow the
buffer if the variable is too large.

The only other concern would be a buffer overflow in the
AuthorizedKeysCommand.  See:
    https://www.owasp.org/index.php/Buffer_Overflow_via_Environment_Variables
for an example.

-- 
Eldon Koyle
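
Added example, not part of the original message and not OpenSSH code: a C sketch of the two checks mentioned above, comparing the key's size against sysconf(_SC_ARG_MAX) before exporting it and honouring setenv()'s return value. The variable name SSH_INCOMING_KEY, the 4096-byte headroom and the sample key are assumptions made for illustration.

```c
/* Added example, not OpenSSH code. SSH_INCOMING_KEY is a hypothetical name. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Bytes the current environment already takes from the exec() budget:
 * every string with its NUL, plus one pointer slot each. */
static size_t env_bytes(void)
{
    size_t total = sizeof(char *);          /* terminating NULL slot */
    for (char **e = environ; e != NULL && *e != NULL; e++)
        total += strlen(*e) + 1 + sizeof(char *);
    return total;
}

/* 1 if used + need + headroom <= limit, written so it cannot wrap. */
int key_fits(size_t limit, size_t used, size_t need, size_t headroom)
{
    if (need > limit || used > limit - need)
        return 0;
    return headroom <= limit - need - used;
}

/* 0 on success; -1 means "do not use the environment, send it another way". */
int export_key(const char *name, const char *b64key, size_t headroom)
{
    long arg_max = sysconf(_SC_ARG_MAX);
    size_t need = strlen(name) + 1 + strlen(b64key) + 1 + sizeof(char *);

    if (arg_max <= 0 || !key_fits((size_t)arg_max, env_bytes(), need, headroom))
        return -1;
    return setenv(name, b64key, 1) == 0 ? 0 : -1;   /* setenv reports failure */
}

int main(void)
{
    const char *key = "AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVkLXNhbXBsZQ=="; /* constructed */
    int rc = export_key("SSH_INCOMING_KEY", key, 4096);
    printf("ARG_MAX=%ld export=%s\n", sysconf(_SC_ARG_MAX), rc == 0 ? "ok" : "refused");
    return rc == 0 ? 0 : 1;
}
```

A refusal here is the case where the caller would fall back to another channel such as stdin; the check says nothing about how the receiving command copies the value into its own buffers.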


