Bug 1471 - sshd can block if authorized_keys is a named pipe
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 4.7p1
Hardware: All Linux
Importance: P2 minor
Assignee: Assigned to nobody
Blocks: V_5_1
Reported: 2008-05-27 00:01 AEST by Colin Watson
Modified: 2008-07-22 12:24 AEST


Attachments
open authorized_keys and shosts in non-blocking mode, check st_mode (3.03 KB, patch)
2008-06-13 13:19 AEST, Damien Miller

Description Colin Watson 2008-05-27 00:01:57 AEST
Solar Designer noticed indirectly that sshd child processes (and probably other parts of OpenSSH) can block if ~/.ssh/authorized_keys is a named pipe with an open writer. Perhaps it would be worth checking S_ISREG before trying to open a key file?

(I'm hoping nobody is actually relying on this as a feature. I can't imagine how you'd do so reliably.)
Comment 1 Damien Miller 2008-06-13 13:19:30 AEST
Created attachment 1517
open authorized_keys and shosts in non-blocking mode, check st_mode

.shosts is another file that the server can be made to open. This diff should fix it and authorized_keys.
Comment 2 Damien Miller 2008-06-13 14:41:29 AEST
That patch has a small bug (don't use it), but a similar one has been submitted and will be in openssh-5.1. Thanks!
Comment 3 Solar Designer 2008-06-16 17:38:34 AEST
I'd add O_NOCTTY. On some systems it is a no-op, but on others it makes a difference.

Also, a maximum size check both before and during reads could make sense, but it is not clear what the limit should be (1 MB maybe? or would anyone want to put thousands of keys on an account?)

I suppose O_NOFOLLOW would break some existing setups and it does not buy all that much (at least not when arbitrary hard links are allowed by the kernel and there are interesting things on the same device).
Comment 4 Damien Miller 2008-07-22 12:24:45 AEST
Mass update RESOLVED->CLOSED after release of openssh-5.1
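
The approach named in the attachment title and refined in comment 3 (non-blocking open, `st_mode` check on the descriptor, `O_NOCTTY`, a size cap before reading), as an added example that is not the OpenSSH patch or any code from this bug. `open_keyfile`, `probe` and `MAX_KEYFILE_SIZE` (set to the 1 MB floated in comment 3) are hypothetical names, and the FIFO and file are constructed in a temporary directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#define MAX_KEYFILE_SIZE (1024 * 1024) /* assumption: "1 MB maybe?" from comment 3 */

/* Hypothetical helper: FILE* for a regular file, else NULL with errno set. */
FILE *open_keyfile(const char *path) {
    struct stat st;
    FILE *f = NULL;
    int flags, err = 0;
    /* O_NONBLOCK: open() cannot hang on a FIFO. O_NOCTTY: a tty path never
     * becomes the controlling terminal. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd == -1) return NULL;
    /* fstat() the descriptor, not the path: the check covers what was opened. */
    if (fstat(fd, &st) == -1) err = errno;
    else if (!S_ISREG(st.st_mode)) err = EINVAL;
    else if (st.st_size > MAX_KEYFILE_SIZE) err = EFBIG;
    /* Regular file: restore blocking mode, then hand it to stdio. */
    else if ((flags = fcntl(fd, F_GETFL)) == -1 ||
             fcntl(fd, F_SETFL, flags & ~O_NONBLOCK) == -1 ||
             (f = fdopen(fd, "r")) == NULL) err = errno;
    if (err == 0) return f;
    close(fd);
    errno = err;
    return NULL;
}

/* Constructed demo: 0 if accepted, else open_keyfile()'s errno (-1: setup failed). */
int probe(int as_fifo) {
    char dir[] = "/tmp/keyfile-demo-XXXXXX", path[64];
    int fd = -1, err = -1;
    FILE *f;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof(path), "%s/authorized_keys", dir);
    if (as_fifo ? mkfifo(path, 0600) == 0
                : (fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600)) != -1) {
        if (fd != -1) close(fd);
        f = open_keyfile(path);
        err = f ? 0 : errno;
        if (f) fclose(f);
        unlink(path);
    }
    rmdir(dir);
    return err;
}

int main(void) { printf("FIFO: %d, regular file: %d\n", probe(1), probe(0)); return 0; }
```

The size check here runs once before reading; the "during reads" half of the suggestion in comment 3 would additionally need a byte counter in the read loop.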