diff options
| author |  Alexander GQ Gerasiov <gq@cs.msu.su> | 2017-12-22 14:00:17 +0300 |
|---|---|---|
| committer | Alexander GQ Gerasiov <gq@cs.msu.su> | 2017-12-22 14:00:21 +0300 |
| commit | b5542fc94863a4f0fd016c6ea3ab81c14890ff7b (patch) | |
| tree | 2a6834a65d687039a7a7967c06d5263d6d38d482 /etc | |
| parent | firemon fixes (diff) | |
| download | firejail-b5542fc94863a4f0fd016c6ea3ab81c14890ff7b.tar.gz firejail-b5542fc94863a4f0fd016c6ea3ab81c14890ff7b.tar.zst firejail-b5542fc94863a4f0fd016c6ea3ab81c14890ff7b.zip | |
disable-common.inc: read-only access to ~/.ssh/authorized_keys
disable-common.inc blacklists whole .ssh, but some profiles (e.g. idea.sh)
unblacklists it to allow git over ssh with public key auth.
But this creates security hole, since firejailed app could modify
~/.ssh/authorized_keys and allow arbitrary code execution on the host with sshd
installed (e.g. ssh localhost and run any program) or even open backdoor for
remote attacker.
This commits disallows write access to ~/.ssh/authorized_keys even if .ssh was
unblacklisted.
Signed-off-by: Alexander GQ Gerasiov <gq@cs.msu.su>
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/disable-common.inc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 3344c3a1f..91c554f2e 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
| @@ -194,6 +194,9 @@ read-only ${HOME}/.zshenv | |||
| 194 | read-only ${HOME}/.zshrc | 194 | read-only ${HOME}/.zshrc |
| 195 | read-only ${HOME}/.zshrc.local | 195 | read-only ${HOME}/.zshrc.local |
| 196 | 196 | ||
| 197 | # Remote access | ||
| 198 | read-only ${HOME}/.ssh/authorized_keys | ||
| 199 | |||
| 197 | # Initialization files that allow arbitrary command execution | 200 | # Initialization files that allow arbitrary command execution |
| 198 | read-only ${HOME}/.caffrc | 201 | read-only ${HOME}/.caffrc |
| 199 | read-only ${HOME}/.dotfiles | 202 | read-only ${HOME}/.dotfiles |