1
From 8d9575775737c08c6cbfdf7f9a22f2ea4ab21b20 Mon Sep 17 00:00:00 2001
2
From: Ricky Zhou <ricky@fedoraproject.org>
3
Date: Mon, 29 Aug 2011 16:01:12 -0400
4
Subject: [PATCH] Drop privileges before creating and chmodding SSH keys.
6
Previously, potentially abusable chown and chmod calls were performed as
7
root. This tries to moves as much as possible into code which is run
8
after privileges have been dropped.
10
Huge thanks to Ricky Zhou <ricky@fedoraproject.org> for discovering this and
11
supplying the security fix. Awesome work.
13
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
15
lib/puppet/provider/ssh_authorized_key/parsed.rb | 19 ++++++++++---------
16
.../provider/ssh_authorized_key/parsed_spec.rb | 16 ++++++++--------
17
2 files changed, 18 insertions(+), 17 deletions(-)
19
Index: puppet-2.7.1/lib/puppet/provider/ssh_authorized_key/parsed.rb
20
===================================================================
21
--- puppet-2.7.1.orig/lib/puppet/provider/ssh_authorized_key/parsed.rb 2011-06-27 09:50:51.000000000 -0500
22
+++ puppet-2.7.1/lib/puppet/provider/ssh_authorized_key/parsed.rb 2011-09-30 08:23:03.000000000 -0500
25
raise Puppet::Error, "Cannot write SSH authorized keys without user" unless @resource.should(:user)
26
raise Puppet::Error, "User '#{@resource.should(:user)}' does not exist" unless uid = Puppet::Util.uid(@resource.should(:user))
27
- unless File.exist?(dir = File.dirname(target))
28
- Puppet.debug "Creating #{dir}"
29
- Dir.mkdir(dir, dir_perm)
30
- File.chown(uid, nil, dir)
33
# ParsedFile usually calls backup_target much later in the flush process,
34
# but our SUID makes that fail to open filebucket files for writing.
35
# Fortunately, there's already logic to make sure it only ever happens once,
36
# so calling it here supresses the later attempt by our superclass's flush method.
37
self.class.backup_target(target)
39
- Puppet::Util::SUIDManager.asuser(@resource.should(:user)) { super }
40
- File.chown(uid, nil, target)
41
- File.chmod(file_perm, target)
42
+ Puppet::Util::SUIDManager.asuser(@resource.should(:user)) do
43
+ unless File.exist?(dir = File.dirname(target))
44
+ Puppet.debug "Creating #{dir}"
45
+ Dir.mkdir(dir, dir_perm)
50
+ File.chmod(file_perm, target)
54
# parse sshv2 option strings, wich is a comma separated list of
55
Index: puppet-2.7.1/spec/unit/provider/ssh_authorized_key/parsed_spec.rb
56
===================================================================
57
--- puppet-2.7.1.orig/spec/unit/provider/ssh_authorized_key/parsed_spec.rb 2011-06-27 09:50:51.000000000 -0500
58
+++ puppet-2.7.1/spec/unit/provider/ssh_authorized_key/parsed_spec.rb 2011-09-30 08:23:03.000000000 -0500
63
- it "should chown the directory to the user" do
64
+ it "should absolutely not chown the directory to the user" do
65
uid = Puppet::Util.uid("random_bob")
66
- File.expects(:chown).with(uid, nil, "/tmp/.ssh_dir")
67
+ File.expects(:chown).never
71
- it "should chown the key file to the user" do
72
+ it "should absolutely not chown the key file to the user" do
73
uid = Puppet::Util.uid("random_bob")
74
- File.expects(:chown).with(uid, nil, "/tmp/.ssh_dir/place_to_put_authorized_keys")
75
+ File.expects(:chown).never
83
- it "should chown the directory to the user if it creates it" do
84
+ it "should absolutely not chown the directory to the user if it creates it" do
85
File.stubs(:exist?).with(@dir).returns false
86
Dir.stubs(:mkdir).with(@dir,0700)
87
uid = Puppet::Util.uid("nobody")
88
- File.expects(:chown).with(uid, nil, @dir)
89
+ File.expects(:chown).never
97
- it "should chown the key file to the user" do
98
+ it "should absolutely not chown the key file to the user" do
99
uid = Puppet::Util.uid("nobody")
100
- File.expects(:chown).with(uid, nil, File.expand_path("~nobody/.ssh/authorized_keys"))
101
+ File.expects(:chown).never