check file permissions as authenticating user #107
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
It's necessary to check permissions of authorized_keys file with the same euid as opening the file, otherwise the permissions check may fail even if the following fopen would succeed. This can happen e.g. when user's directory is mounted from an NFS share with squashroot.
|
Hello, I found this problem with 2019.78 and it still exists with 2020.80. When the user's directory is mounted through NFS with root squash option (on the server), then checkpubkeyperms() would fail. The code after the invocation of checkpubkeyperms() already has a fix for this, the permissions are being correctly apply for fopen(), but even if fopen() would pass, checkpubkeyperms() fails because it's running with root privileges. This is one possible to fix this issue. |
mkj
added a commit
that referenced
this pull request
Mar 30, 2022
This is necessary on NFS with squash root. Based on work from Chris Dragan This commit also tidies some trailing whitespace. Fixes github pull #107
|
Thanks Chris, I've applied a similar change in 2f68f66 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It's necessary to check permissions of authorized_keys file with the same euid
as opening the file, otherwise the permissions check may fail even if the
following fopen would succeed. This can happen e.g. when user's directory
is mounted from an NFS share with root squash.