[NBLUG/talk] SSH not letting me login

Dave Sisley dsisley at arczip.com
Wed Nov 3 16:53:09 PST 2004


On Wed, Nov 03, 2004 at 02:28:14PM -0800, Eric Eisenhart wrote:
 
> The problem is a race condition, basically.  (as well as the possibility of
> other tampering)
> 
> If a program is trying to access the file /a/b/c/d and directory "c" and
> file "d" are both well protected with proper read-only permissions but
> directory "b" is writable by the world, then there's a problem, well, let me
> write in pseudocode:
> 
> check_perms("d")
> filehandle = open("d")
> read(filehandle)
> 
> Or, if you try to be a little smarter (as you suggested) and check the
> directory, too:
> check_perms("d")
> check_perms("c")
> filehandle = open("d")
> read(filehandle)
> 
> It's possible that an attacker with write access to b could do:
> rename("c","c.old")
> rename("evildir","c");

I'm reading this as meaning that someone could just replace 
directory c (and all it contains) with evildir (now renamed c, 
to fool me). Now evildir is a subdirectory of b, right?

In short, ssh is insisting that the .ssh file in my home directory
be protected by protecting the entire tree, all the way to the top 
(or the root, rather). 

So the message I got about my home dir would have mentioned another
directory in the tree, had I mucked up the permissions any higher
in the chain.

So. Yes - it makes sense (assuming my reiteration of what you're 
saying is correct).

Thanks!

-dave.

-- 
Dave Sisley
dsisley at arczip.com
roth-sisley.net
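
Added example (not part of the original message, and not OpenSSH's own code): a sketch of the check discussed in this thread, walking from a file up through every parent directory and reporting the first component that someone other than the owner or root could modify. The function name, the `stop_at` parameter and the demo tree are assumptions made for illustration.

```python
import os
import stat
import tempfile


def first_unsafe_component(path, uid, stop_at="/"):
    """Return the first component, from `path` up to `stop_at`, that a user
    other than `uid` or root could modify; return None if the chain is safe.

    If every component passes, nobody else can rename or replace any of
    them, so the result still holds when the file is opened afterwards.
    """
    current = os.path.realpath(path)
    stop_at = os.path.realpath(stop_at)
    while True:
        st = os.stat(current)
        # Owned by someone else: that owner can chmod or replace it.
        if st.st_uid not in (0, uid):
            return current
        # Group- or world-writable: entries below it can be renamed away.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            return current
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            return None
        current = parent


if __name__ == "__main__":
    # Constructed demo tree: <tmp>/a/b/c/d, as in the quoted pseudocode.
    top = tempfile.mkdtemp()
    target = os.path.join(top, "a", "b", "c", "d")
    os.makedirs(os.path.dirname(target))
    for rel in ("a", "a/b", "a/b/c"):
        os.chmod(os.path.join(top, rel), 0o755)
    open(target, "w").close()
    os.chmod(target, 0o600)

    me = os.getuid()
    print("tight tree:", first_unsafe_component(target, me, stop_at=top))

    # "c" and "d" stay well protected, but "b" becomes world-writable.
    os.chmod(os.path.join(top, "a", "b"), 0o777)
    print("b writable:", first_unsafe_component(target, me, stop_at=top))
```

The walk is limited to `stop_at` in the demo because temporary directories usually live under a world-writable parent, which would otherwise be reported first.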



