Re: patch to send incoming key to AuthorizedKeysCommand via stdin

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Sat, Mar 22, 2014 at 12:05 PM, Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx>
wrote:
> > You can check sysconf(_SC_ARG_MAX) to get an idea of the size limit.
> > See:
> >       http://www.in-ulm.de/~mascheck/various/argmax/
> > for more detailed information.
> >
> > Also, setenv/putenv should return an error rather than overflow the
> > buffer if the variable is too large.
>
> similarly, exec should fail with E2BIG if the data is too large.

I ran some tests and it looks like setenv does not return an error when
this happens but exec does (tested on Linux and Mac OS X).

> So this is testable at runtime, when the peer sends a large key; in the
> event that the variable is too large, AuthorizedKeysCommand would simply
> fail closed.  I think this is reasonable.

Agreed.

> We could also deliberately constrain the key size, and decline to
> execute AuthorizedKeysCommand (or execute it without passing any key as
> an environment variable or argument) if the client's proposed key is
> larger than the largest key generated by ssh-keygen (16Kib at the
> moment).  This strikes me as a reasonable limit.

If exec is catching the error for us then I don't see a need to impose
another constraint on it that will have to be maintained.

> Given the discussion, i'm still leaning toward either an environment
> variable or argv.  given that we're already using argv for the username,
> i think a second argv parameter would be the cleanest.

If compatibility with programs that expect exactly one command line
parameter (the username) then it seems like the environment variable is the
way to go.  But I'll leave that decision up to those more involved with the
development of openssh.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux