Drop privileges before creating and chmodding SSH keys.
b29b1785d543Unpublished
Actions

Unpublished Commit · Learn More

Repository Importing: This repository is still importing.

Description

Drop privileges before creating and chmodding SSH keys.

Previously, potentially abusable chown and chmod calls were performed as
root. This tries to moves as much as possible into code which is run
after privileges have been dropped.

Huge thanks to Ricky Zhou <ricky@fedoraproject.org> for discovering this and
supplying the security fix. Awesome work.

Fixes CVE-2011-3870

Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>

Details

Provenance

Ricky Zhou <ricky@fedoraproject.org>	Authored on
Michael Stahnke <stahnma@puppetlabs.com>	Committed on Sep 29 2011, 8:28 PM
vanmeeuwen	Pushed on Jun 2 2015, 2:22 PM

Parents

rPU7d4c169df84f: (#9794) k5login can overwrite arbitrary files as root

Branches

Unknown

Tags

Unknown

Event Timeline

Michael Stahnke <stahnma@puppetlabs.com> committed rPUb29b1785d543: Drop privileges before creating and chmodding SSH keys. (authored by Ricky Zhou <ricky@fedoraproject.org>).Sep 29 2011, 8:28 PM

Changes (2)

Path

Size

lib/

puppet/

provider/

ssh_authorized_key/

parsed.rb

spec/

unit/

provider/

ssh_authorized_key/

parsed_spec.rb

rPUb29b1785d543

View Options

lib/puppet/provider/ssh_authorized_key/parsed.rb