From b5542fc94863a4f0fd016c6ea3ab81c14890ff7b Mon Sep 17 00:00:00 2001
From: Alexander GQ Gerasiov
Date: Fri, 22 Dec 2017 14:00:17 +0300
Subject: disable-common.inc: read-only access to ~/.ssh/authorized_keys

disable-common.inc blacklists whole .ssh, but some profiles (e.g. idea.sh) unblacklists it to allow git over ssh with public key auth. But this creates security hole, since firejailed app could modify ~/.ssh/authorized_keys and allow arbitrary code execution on the host with sshd installed (e.g. ssh localhost and run any program) or even open backdoor for remote attacker. This commits disallows write access to ~/.ssh/authorized_keys even if .ssh was unblacklisted.
Signed-off-by: Alexander GQ Gerasiov
---
 etc/disable-common.inc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 3344c3a1f..91c554f2e 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -194,6 +194,9 @@
 read-only ${HOME}/.zshenv
 read-only ${HOME}/.zshrc
 read-only ${HOME}/.zshrc.local
+# Remote access
+read-only ${HOME}/.ssh/authorized_keys
+
 # Initialization files that allow arbitrary command execution
 read-only ${HOME}/.caffrc
 read-only ${HOME}/.dotfiles
-- 
cgit v1.2.3-54-g00ecf
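Review bot: The new `read-only ${HOME}/.ssh/authorized_keys` line covers only one of the files sshd consults under ~/.ssh, so a profile that un-blacklists .ssh still leaves the host-level hole the description warns about: with OpenSSH's compiled-in default `AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2` sshd also reads `~/.ssh/authorized_keys2`, and it runs `~/.ssh/rc` at login when present. I would extend the "Remote access" block with `read-only ${HOME}/.ssh/authorized_keys2` and `read-only ${HOME}/.ssh/rc`. The client-side `~/.ssh/config` belongs in the "Initialization files that allow arbitrary command execution" section just below for the same reason, since it can name commands ssh executes. It is also worth confirming whether `read-only` is skipped when the target path does not exist at sandbox start; if it is, the comment should state that the rule only protects a pre-existing file, and the profile may want to create or blacklist the path instead.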