Bug 2873 - AuthorizedKeysCommand with different user prevents fetching authorized keys from file
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 7.7p1
Hardware: Other Linux
Importance: P5 enhancement
Assignee: Assigned to nobody
Blocks: V_7_8
Reported: 2018-05-31 00:24 AEST by Jakub Jelen
Modified: 2021-04-23 15:02 AEST

Attachments
make sure the cached group information belongs to the current UID (1.01 KB, text/plain)
2018-05-31 00:24 AEST, Jakub Jelen

Description Jakub Jelen 2018-05-31 00:24:45 AEST
Created attachment 3158
make sure the cached group information belongs to the current UID

Originally filed in Red Hat Bugzilla, which also provides the whole reproducer and analysis (credits to Renaud Métrich):

https://bugzilla.redhat.com/show_bug.cgi?id=1583735

In short, the AuthorizedKeysCommandUser code caches the group list, which is then also used for fetching the authorized keys themselves, which obviously does not work if the groups used do not overlap.

The same issue will probably exist with AuthorizedPrincipalsCommandUser, but I do not have a reproducer for this.

The correct solution should be checking that the cached information about groups is for the same UID we have in the pw parameter. My proposed solution is in the attachment.
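
A simplified model of the caching problem described in this report, as an added example that is not OpenSSH code and not the attached patch. The UIDs, GIDs, user table and all function names are constructed, and the in-memory table stands in for the system group database.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

#define MAX_GROUPS 8

/* Constructed stand-in for the system group database. */
struct user { uid_t uid; int ngroups; gid_t groups[MAX_GROUPS]; };
static const struct user users[] = {
    { 990,  1, { 990 } },        /* hypothetical AuthorizedKeysCommandUser */
    { 1000, 2, { 1000, 2000 } }, /* hypothetical login user; key file needs gid 2000 */
};

static const struct user *lookup(uid_t uid) {
    for (size_t i = 0; i < sizeof(users) / sizeof(users[0]); i++)
        if (users[i].uid == uid)
            return &users[i];
    return NULL;
}

/* Cached group list, tagged with the UID it was built for. */
struct cache { int valid; uid_t uid; int ngroups; gid_t groups[MAX_GROUPS]; };

/* check_uid == 0: reuse any cached list (behaviour described in the report).
 * check_uid == 1: reuse the cached list only when it belongs to the same UID. */
static int groups_for(struct cache *c, uid_t uid, int check_uid, gid_t *out) {
    if (!c->valid || (check_uid && c->uid != uid)) {
        const struct user *u = lookup(uid);
        if (u == NULL)
            return -1;
        c->valid = 1;
        c->uid = uid;
        c->ngroups = u->ngroups;
        memcpy(c->groups, u->groups, sizeof(c->groups));
    }
    memcpy(out, c->groups, sizeof(c->groups));
    return c->ngroups;
}

/* Switch to the command user first, then to the login user to read the key
 * file. Returns 1 if the login user ends up holding gid 2000, 0 if not. */
int can_read_keys(int check_uid) {
    struct cache c = { 0 };
    gid_t g[MAX_GROUPS];
    if (groups_for(&c, 990, check_uid, g) < 0)
        return -1;
    int n = groups_for(&c, 1000, check_uid, g);
    for (int i = 0; i < n; i++)
        if (g[i] == 2000)
            return 1;
    return n < 0 ? -1 : 0;
}
```

Without the UID check the second call returns the command user's groups, so the login user lacks the group needed for the key file; with the check the cache is rebuilt for the new UID.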
Comment 1 Jakub Jelen 2018-06-15 00:53:52 AEST
ping?
Comment 2 Damien Miller 2018-06-15 17:08:11 AEST
Patch committed, with a couple of tweaks. Thanks!
Comment 3 Damien Miller 2021-04-23 15:02:05 AEST
closing resolved bugs as of 8.6p1 release