On Tue, May 01, 2018 at 04:48:50PM +0100, Andrew Gallagher wrote:
> Package: monkeysphere
> Version: 0.41-1
> Severity: important
> Tags: upstream
>
> Dear Maintainer,
>
> `/usr/share/monkeysphere/ma/update_users` deletes the managed authorised_keys
> file in the case of error,
> even when that error has no possible security impact. The offending code is
> here:
>
> ```
> chown $(whoami) "$tmpAuthorizedKeys" && \
> chgrp $(id -g "$uname") "$tmpAuthorizedKeys" && \
> chmod g+r "$tmpAuthorizedKeys" && \
> mv -f "$tmpAuthorizedKeys" "${authorizedKeysDir}/${uname}" || \
> {
> log error "Failed to install authorized_keys for '$uname'!"
> rm -f "${authorizedKeysDir}/${uname}"
> # indicate that there has been a failure:
> returnCode=1
> }
> ```
>
> Any error whatsoever in this pipeline will cause `rm -f
> "${authorizedKeysDir}/${uname}"` to be invoked,
> potentially locking out the affected user. A transient filesystem error can
> easily cause all users of a
> system to be locked out simultaneously, e.g. if /var fills up. This has
> happened to me several times.
>
> Are you sure you want to remove the *live* authorized_keys file in case of
> error? Not the temp one? I don't
> understand how a failed `mv` in this case could cause a security issue
> serious enough to warrant disabling
> a login method.
Makes sense. This was probably meant to be:
rm -f "$tmpAuthorizedKeys"
A.
signature.asc
Description: PGP signature
