Drop privileges before creating and chmodding SSH keys.
88512e880bd2Unpublished
Actions

Unpublished Commit · Learn More

Repository Importing: This repository is still importing.

Description

Drop privileges before creating and chmodding SSH keys.

Previously, potentially abusable chown and chmod calls were performed as
root. This tries to moves as much as possible into code which is run
after privileges have been dropped.

Huge thanks to Ricky Zhou <ricky@fedoraproject.org> for discovering this and
supplying the security fix. Awesome work.

Fixes CVE-2011-3870

Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>

Details

Provenance

Ricky Zhou <ricky@fedoraproject.org>	Authored on
Michael Stahnke <stahnma@puppetlabs.com>	Committed on Sep 29 2011, 8:28 PM
vanmeeuwen	Pushed on Jun 2 2015, 2:22 PM

Parents

rPU2775c21ae48e: (#9794) k5login can overwrite arbitrary files as root

Branches

Unknown

Tags

Unknown

Event Timeline

Michael Stahnke <stahnma@puppetlabs.com> committed rPU88512e880bd2: Drop privileges before creating and chmodding SSH keys. (authored by Ricky Zhou <ricky@fedoraproject.org>).Sep 29 2011, 8:28 PM

Changes (2)

Path

Size

lib/

puppet/

provider/

ssh_authorized_key/

parsed.rb

spec/

unit/

provider/

ssh_authorized_key/

parsed_spec.rb

rPU88512e880bd2

View Options

lib/puppet/provider/ssh_authorized_key/parsed.rb