From 71d12080937e7523fef6dc5331df80e45a297f62 Mon Sep 17 00:00:00 2001
From: Chris Dragan
Date: Wed, 8 Jul 2020 14:28:49 +0100
Subject: [PATCH] check file permissions as authenticating user

It's necessary to check permissions of authorized_keys file with the same euid as opening the file, otherwise the permissions check may fail even if the following fopen would succeed. This can happen e.g. when user's directory is mounted from an NFS share with squashroot.
---
 svr-authpubkey.c | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/svr-authpubkey.c b/svr-authpubkey.c
index 46237b760..8626750a3 100644
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -380,9 +380,25 @@ static int checkpubkey(const char* keyalgo, unsigned int keyalgolen,
 TRACE(("enter checkpubkey"))
+#if DROPBEAR_SVR_MULTIUSER
+ /* open the file as the authenticating user. */
+ origuid = getuid();
+ origgid = getgid();
+ if ((setegid(ses.authstate.pw_gid)) < 0 ||
+ (seteuid(ses.authstate.pw_uid)) < 0) {
+ dropbear_exit("Failed to set euid");
+ }
+#endif
+
 /* check file permissions, also whether file exists */
 if (checkpubkeyperms() == DROPBEAR_FAILURE) {
 TRACE(("bad authorized_keys permissions, or file doesn't exist"))
+#if DROPBEAR_SVR_MULTIUSER
+ if ((seteuid(origuid)) < 0 ||
+ (setegid(origgid)) < 0) {
+ dropbear_exit("Failed to revert euid");
+ }
+#endif
 goto out;
 }
@@ -395,16 +411,6 @@ static int checkpubkey(const char* keyalgo, unsigned int keyalgolen,
 snprintf(filename, len + 22, "%s/.ssh/authorized_keys", ses.authstate.pw_dir);
-#if DROPBEAR_SVR_MULTIUSER
- /* open the file as the authenticating user. */
- origuid = getuid();
- origgid = getgid();
- if ((setegid(ses.authstate.pw_gid)) < 0 ||
- (seteuid(ses.authstate.pw_uid)) < 0) {
- dropbear_exit("Failed to set euid");
- }
-#endif
-
 authfile = fopen(filename, "r");
 #if DROPBEAR_SVR_MULTIUSER
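Review bot: The comment `/* open the file as the authenticating user. */` at the top of the moved block in the first hunk is now stale, because the euid/egid switch also covers `checkpubkeyperms()` and the path-building code that runs before `fopen`; something like `/* check permissions and open the file as the authenticating user */` would describe what the block now does. The restore sequence is also written twice, once in the failure branch added here and once after `fopen` (whose body lies outside these hunks), so any `goto out` later added inside the window has to remember to restore the ids itself. A small static helper for the restore, or a single restore point ahead of `out:`, would keep the switch and its revert paired. The lines between the two hunks are not shown, so whether another exit path already exists inside the window cannot be confirmed from this patch. The ordering itself (egid before euid on the way in, euid before egid on the way back) looks correct.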