[Bug 2276] AuthorizedKeysCommand: add an option for alternate owner

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Mar 3 19:54:32 AEDT 2015


--- Comment #4 from Alon Bar-Lev <alon.barlev at gmail.com> ---
Rebased on top of master.

Can you please reply to question at comment#2? It will simplify the
implementation but I think there is potential security cost.

(In reply to Alon Bar-Lev from comment #2)
> (In reply to Damien Miller from comment #1)
> > I think it would be reasonable to relax the permission check to
> > allow the command to be owned by the user who started sshd as well
> > as root. I don't think another option is warranted or necessary.
> I thought that the original code was designed to block the user that
> ssh into local to modify the command, I did not want to violate this
> restriction.
> Did I understand incorrectly why we limit ownership?

You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list