On Tue, May 01, 2018 at 04:48:50PM +0100, Andrew Gallagher wrote: > Package: monkeysphere > Version: 0.41-1 > Severity: important > Tags: upstream > > Dear Maintainer, > > `/usr/share/monkeysphere/ma/update_users` deletes the managed authorised_keys > file in the case of error, > even when that error has no possible security impact. The offending code is > here: > > ``` > chown $(whoami) "$tmpAuthorizedKeys" && \ > chgrp $(id -g "$uname") "$tmpAuthorizedKeys" && \ > chmod g+r "$tmpAuthorizedKeys" && \ > mv -f "$tmpAuthorizedKeys" "${authorizedKeysDir}/${uname}" || \ > { > log error "Failed to install authorized_keys for '$uname'!" > rm -f "${authorizedKeysDir}/${uname}" > # indicate that there has been a failure: > returnCode=1 > } > ``` > > Any error whatsoever in this pipeline will cause `rm -f > "${authorizedKeysDir}/${uname}"` to be invoked, > potentially locking out the affected user. A transient filesystem error can > easily cause all users of a > system to be locked out simultaneously, e.g. if /var fills up. This has > happened to me several times. > > Are you sure you want to remove the *live* authorized_keys file in case of > error? Not the temp one? I don't > understand how a failed `mv` in this case could cause a security issue > serious enough to warrant disabling > a login method.
Makes sense. This was probably meant to be: rm -f "$tmpAuthorizedKeys" A.
signature.asc
Description: PGP signature