Colin Watson wrote:
> On Fri, May 14, 2010 at 09:24:50PM -0400, Joey Hess wrote:
> > I don't really understand the point of checking who can write to the
> > file but assuming it's general paranoia, I think you weakened it too far
> > with the user group patch.
> >
> > -rw-rw-r-- 1 joey nogroup 1099 Apr 15 19:37 config
> > joey@gnu:~/.ssh>ssh localhost echo oops
> > oops
> >
> > -rw-rw-r-- 1 joey games 1.1K Apr 15 19:37 config
> > joey@gnu:~/.ssh>ssh localhost echo oops
> > oops
> >
> > -rw-rw-r-- 1 joey scanner 1099 Apr 15 19:37 config
> > joey@gnu:~/.ssh>ssh localhost echo oops
> > Bad owner or permissions on /home/joey/.ssh/config
> >
> > So, it looks like any group with 0 or 1 member is allowed to own the
> > file, even if the user is not a member. (Here the scanner group has 2 members.)
>
> Are you sure you aren't a member of group games?

I am not a member of games. The games user, though, is, via /etc/passwd.
Not via /etc/group.

joey@gnu:~>getent group games
games:x:60:
joey@gnu:~>getent passwd games
games:x:5:60:games:/usr/games:/bin/sh
joey@gnu:~>sudo -u games id
uid=5(games) gid=60(games) groups=60(games)

Shouldn't the passwd group membership also be checked?

> A zero-member group, or any random group containing only the user,
> should clearly be fine in my book because the ownership of ~/.ssh/config
> by that group doesn't permit any other user to write to the file.

I think that zero-member groups are typically used by sgid binaries, so
assuming no one else can access them is not entirely safe.

-- 
see shy jo
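
The membership question raised in the message above, as an added example that is not part of the original thread and is not OpenSSH's code: a group-writable file is only safe if nobody but the owner holds the group, counting primary groups from the passwd database as well as the member list in the group database. The function names and all sample records except the two "games" lines are assumptions made for this sketch.

```python
# Constructed sample databases in passwd(5)/group(5) format. The two "games"
# lines are the ones quoted in the message; every other record is made up.
PASSWD = """\
joey:x:1000:1000:Joey:/home/joey:/bin/bash
games:x:5:60:games:/usr/games:/bin/sh
alice:x:1001:1001::/home/alice:/bin/sh
bob:x:1002:1002::/home/bob:/bin/sh
"""
GROUP = """\
joey:x:1000:
games:x:60:
scanner:x:110:alice,bob
"""


def _records(text, nfields):
    """Split colon-separated database text into well-formed records."""
    rows = (line.split(":") for line in text.splitlines() if line.strip())
    return [r for r in rows if len(r) == nfields]


def group_holders(gid, passwd_text, group_text):
    """Users who run with `gid`: supplementary members listed in the group
    database plus users whose primary group in the passwd database is `gid`."""
    holders = set()
    for _name, _pw, g, members in _records(group_text, 4):
        if int(g) == gid:
            holders.update(m for m in members.split(",") if m)
    for rec in _records(passwd_text, 7):
        if int(rec[3]) == gid:
            holders.add(rec[0])
    return holders


def group_write_is_safe(owner, gid, passwd_text, group_text):
    """True if no account other than `owner` holds the file's group.
    Setgid binaries that run with `gid` are invisible to this check, so a
    True result is necessary for safety but not sufficient."""
    return group_holders(gid, passwd_text, group_text) <= {owner}


if __name__ == "__main__":
    for gname, gid in (("joey", 1000), ("games", 60), ("scanner", 110)):
        verdict = "ok" if group_write_is_safe("joey", gid, PASSWD, GROUP) else "reject"
        print(gname, sorted(group_holders(gid, PASSWD, GROUP)), verdict)
```

Passing an empty passwd text reproduces the group-database-only view, in which games looks like a zero-member group.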