thr3ads.net - openssh bugs - [Bug 1471] New: sshd can block if authorized

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at bugzilla.mindrot.org

2008-May-26 14:02 UTC

[Bug 1471] New: sshd can block if authorized_keys is a named pipe

https://bugzilla.mindrot.org/show_bug.cgi?id=1471

           Summary: sshd can block if authorized_keys is a named pipe
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 4.7p1
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: minor
          Priority: P2
         Component: sshd
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: cjwatson at debian.org


Solar Designer noticed indirectly that sshd child processes (and
probably other parts of OpenSSH) can block if ~/.ssh/authorized_keys is
a named pipe with an open writer. Perhaps it would be worth checking
S_ISREG before trying to open a key file?

(I'm hoping nobody is actually relying on this as a feature. I can't
imagine how you'd do so reliably.)

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2008-Jun-13 03:19 UTC

head link

[Bug 1471] sshd can block if authorized_keys is a named pipe

https://bugzilla.mindrot.org/show_bug.cgi?id=1471





--- Comment #1 from Damien Miller <djm at mindrot.org>  2008-06-13
13:19:30 ---
Created an attachment (id=1517)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1517)
open authorized_keys and shosts in non-blocking mode, check st_mode

.shosts is another file that the server can be made to open. This diff
should fix it and authorized_keys.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2008-Jun-13 04:41 UTC

head link

[Bug 1471] sshd can block if authorized_keys is a named pipe

https://bugzilla.mindrot.org/show_bug.cgi?id=1471


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
                 CC|                            |djm at mindrot.org
             Blocks|                            |1452




--- Comment #2 from Damien Miller <djm at mindrot.org>  2008-06-13
14:41:29 ---
that patch has a small bug (don't use it), but a similar one has been
submitted and will be in openssh-5.1. Thanks!

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2008-Jun-16 07:38 UTC

head link

[Bug 1471] sshd can block if authorized_keys is a named pipe

https://bugzilla.mindrot.org/show_bug.cgi?id=1471


Solar Designer <solar at openwall.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |solar at openwall.com




--- Comment #3 from Solar Designer <solar at openwall.com>  2008-06-16
17:38:34 ---
I'd add O_NOCTTY.  On some systems it is a no-op, but on others it
makes a difference.

Also, a maximum size check both before and during reads could make
sense, but it is not clear what the limit should be (1 MB maybe? or
would anyone want to put thousands of keys on an account?)

I suppose O_NOFOLLOW would break some existing setups and it does not
buy all that much (at least not when arbitrary hard links are allowed
by the kernel and there are interesting things on the same device).

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2008-Jul-22 02:24 UTC

head link

[Bug 1471] sshd can block if authorized_keys is a named pipe

https://bugzilla.mindrot.org/show_bug.cgi?id=1471


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED




--- Comment #4 from Damien Miller <djm at mindrot.org>  2008-07-22
12:24:45 ---
Mass update RESOLVED->CLOSED after release of openssh-5.1

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

Maybe Matching Threads

Search for more reasonably related threads

openssh bugs - May 2008 - [Bug 1471] New: sshd can block if authorized_keys is a named pipe

[Bug 1471] New: sshd can block if authorized_keys is a named pipe

[Bug 1471] sshd can block if authorized_keys is a named pipe

[Bug 1471] sshd can block if authorized_keys is a named pipe

[Bug 1471] sshd can block if authorized_keys is a named pipe

[Bug 1471] sshd can block if authorized_keys is a named pipe

Maybe Matching Threads