Re: patch to send incoming key to AuthorizedKeysCommand via stdin

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Sun, Mar 23, 2014 at 4:59 AM, Peter Stuge <peter@xxxxxxxx> wrote:
> What's the problem with forking and writing to the pipe from the
> parent only when it is writable?

If the child process does not explicitly close stdin then there is no way
to know if it is actually being read from.  All that is known is that you
can write *some* data to the pipe, but once the pipe's buffer fills up and
it is not emptied then the parent process (sshd) will block indefinitely.
The only way this could be avoided is by introducing some sort of timeout
to the write.  Polling to see when you can write without blocking won't be
enough because the child process may just be slow to read the pipe, or it
may have stopped reading before EOF.

The only safe way to pass the key via a pipe is to require any
AuthorizedKeysCommand to either explicitly close stdin or consume stdin
until EOF.  There's no way to enforce this in code, and there's likely
already a lot of commands in use that do neither of these.  Hence passing
the data in environment variables or parameters are the only safe ways to
do this.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux