[Pkg-privacy-commits] [Git][pkg-privacy-team/monkeysphere][master] 33 commits: fix paths to monkeysphere-doc

Daniel Kahn Gillmor dkg at debian.org
Tue Mar 5 17:09:27 GMT 2019


Daniel Kahn Gillmor pushed to branch master at Privacy Maintainers / monkeysphere


Commits:
ac5a4d1f by Daniel Kahn Gillmor at 2018-10-16T18:02:46Z
fix paths to monkeysphere-doc

- - - - -
815038b4 by Daniel Kahn Gillmor at 2018-10-16T18:03:21Z
use DEP-14 branch naming in preparing-release documentation

- - - - -
4c8864ea by Sunil Mohan Adapa at 2018-10-30T16:04:11Z
Use runuser instead of su

On systems with restricted PAM security, it may not be possible to use su.

- - - - -
31eff2a5 by Daniel Kahn Gillmor at 2018-10-30T16:06:41Z
rely on $PATH to find env, rather than embedding the explicit path

It should be more portable to rely on the $PATH to env than to invoke
it explicitly as /usr/bin/env.

- - - - -
82711069 by Sunil Mohan Adapa at 2019-01-20T14:25:09Z
Better sharing of temp directory across root and monkeysphere user

In a couple of cases, monkeysphere commands running as root create a temporary
directory in TMPDIR (provided by the environment) and then change the
ownership/permissions on that directory for the monkeysphere user to use that
directory.

This works in a normal setup but fails when libpam-tmpdir is installed. This PAM
module causes the tmp directory to be /tmp/user/0/ so that it is harder for
users to access each other's temporary files. This improves security but causes
a problem for the above situation, as the parent directory of the directory to be
shared is not accessible by other users.

To fix this, explicitly set TMPDIR to a known location that can be used to
share files across users. /var/lib/monkeysphere/authentication/tmp is a
directory that is already being set up and used for such purposes. Reuse it
instead of creating a new one. Apply the fix conservatively, only in the cases where it is needed.

Closes: #656750.

Signed-off-by: Sunil Mohan Adapa <sunil at medhas.org>

- - - - -
b6b3c529 by Daniel Kahn Gillmor at 2019-01-20T22:17:30Z
Clean up some shell, coreutils, and mktemp loopholes

In some very unusual cases, where the system monkeysphere directory
has whitespace in the paths, or where some filenames start with a "-",
the shell, mktemp, or various components of coreutils could
misinterpret the commands given.

This cleans up some of those mistakes, many of which have been in the
monkeysphere codebase for ages.

Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

- - - - -
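The shell, mktemp and coreutils loophole described in the commit above, as an added shell example (constructed here, not monkeysphere's own code): a fragile and a hardened way of restricting file modes under a directory whose path contains a space and which holds a file literally named "-v".

```shell
#!/bin/sh
# Constructed example, not monkeysphere's own code: the commit describes
# paths with whitespace and filenames starting with "-" being misread by
# the shell, mktemp and coreutils. Both fixtures below are made up here.
set -u

# Build a scratch tree: a directory with a space in its name holding a
# file literally named "-v". Prints the base directory.
make_fixture() {
    base=$(mktemp -d) || return 1
    mkdir -p -- "$base/monkey sphere" || return 1
    printf 'secret\n' > "$base/monkey sphere/-v" || return 1
    printf '%s\n' "$base"
}

# Fragile form: unquoted $dir splits on the space, and a bare "-v"
# operand is taken by chmod as its --verbose option, not a filename.
fragile_lock_down() {
    dir=$1
    ( cd $dir || exit 1
      for f in *; do
          [ -f "$f" ] || continue
          chmod 600 $f || exit 1
      done )
}

# Hardened form: every expansion is quoted, every coreutils call gets
# "--" so "-v" is an operand, and the mktemp template is an absolute
# path so it can never start with "-".
lock_down() {
    dir=$1
    [ -d "$dir" ] || return 1
    tmp=$(mktemp "$dir/.lock.XXXXXX") || return 1
    ( cd -- "$dir" || exit 1
      for f in *; do
          [ -f "$f" ] || continue
          chmod 600 -- "$f" || exit 1
      done ) || { rm -f -- "$tmp"; return 1; }
    rm -f -- "$tmp"
}

# Succeed only if "$1" is mode 0600 (readable and writable by owner only).
owner_only() {
    mode=$(ls -l -- "$1" | cut -c2-10) || return 1
    [ "$mode" = "rw-------" ]
}
```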
48f5a134 by Daniel Kahn Gillmor at 2019-01-21T16:43:38Z
tests/basic: Expose unexpected differences

There is no good reason to pass -q to diff in the test suite.  If
there's a difference, the test suite will fail, and we want to know
what the difference is.

- - - - -
c48ffcd6 by Daniel Kahn Gillmor at 2019-01-21T17:03:07Z
README: document Monkeysphere dependencies

- - - - -
3e2b94b3 by Daniel Kahn Gillmor at 2019-01-21T20:04:24Z
Use gpg --export-ssh-key instead of openpgp2ssh

GnuPG 2.1.11 introduced gpg --export-ssh-key.  By relying on it
explicitly, we can reduce our dependency on keytrans, no longer
needing it for getting SSH-style public key information out of OpenPGP
certificates.

This increases our versioned dependency on GnuPG, and introduces a
requirement to have OpenSSH's ssh-keygen around for generating ssh
fingerprints.

We aren't yet handling secret transformations, though.

- - - - -
c4c2e888 by Daniel Kahn Gillmor at 2019-01-21T20:47:03Z
Simplify by using more modern GnuPG

Since we're using a modern version of GnuPG, we can remove some of the
fancier versioned checks.  If we're willing to depend on gpg >=
2.1.17, we can probably move even more, since that's when the --quick-* interface really stabilized.

- - - - -
af4bfcd3 by Daniel Kahn Gillmor at 2019-01-23T00:15:06Z
Add Ed25519 support to agent-transfer

agent-transfer used to only work for RSA keys.  With this changeset,
it grows support for ed25519 keys, so "monkeysphere
subkey-to-ssh-agent" should be able to work for ed25519
authentication-capable subkeys as well.

- - - - -
2a30561c by Daniel Kahn Gillmor at 2019-01-23T00:34:19Z
monkeysphere subkey-to-ssh-agent: consider Ed25519 subkeys as well as RSA

- - - - -
32f36299 by Daniel Kahn Gillmor at 2019-01-23T00:37:25Z
Document new agent-transfer 25519 support

- - - - -
2b298cad by Daniel Kahn Gillmor at 2019-01-23T00:39:09Z
Overwrite compressed manpages unconditionally during build

Without this, sometimes the build process is interrupted with a
prompt:

   gzip: replaced/man/man1/agent-transfer.1.gz already exists; do you wish to overwrite (y or n)?

- - - - -
c2ad1254 by Daniel Kahn Gillmor at 2019-01-23T00:52:39Z
Suggest 3072-bit as a default

There are only a few places where monkeysphere is actively creating
keys.  By default now, use 3072-bit RSA (and be explicit that it's
RSA, in preparation for being able to move to a different algorithm)

- - - - -
85f5513d by Daniel Kahn Gillmor at 2019-01-23T00:59:36Z
Update copyright years

- - - - -
63f9eb31 by Daniel Kahn Gillmor at 2019-01-23T20:00:17Z
Add test for Ed25519 authentication-capable subkeys

This new test will only work for GnuPG version 2.1.17 and later, when
--quick-add-key was added.  It's intended to pave the way for a future
version of monkeysphere that has a tighter GnuPG dependency and can
drop the dependency on perl entirely.

- - - - -
8a887e38 by Daniel Kahn Gillmor at 2019-01-23T20:00:17Z
Move all outbound links from http to https

- - - - -
6ed85ae6 by Daniel Kahn Gillmor at 2019-01-23T20:00:17Z
Update stale Slackware packaging info

- - - - -
84e75d72 by Daniel Kahn Gillmor at 2019-01-23T20:00:17Z
Fix spelling

- - - - -
4cf70afc by Daniel Kahn Gillmor at 2019-01-23T20:00:17Z
Use 3072-bit RSA keys in tests

We were using 1024-bit RSA keys in tests to avoid blocking on systems
with limited entropy.  As we move into the getrandom() era, this is a
situation that we should expect the operating system to handle
correctly, and our tools should be tested with sensible limits and
sensible key sizes.

- - - - -
1453f99b by Daniel Kahn Gillmor at 2019-01-23T20:00:17Z
pem2openpgp: clearer error messages for PEM2OPENPGP_NEWKEY

This should resolve https://bugs.debian.org/906755

- - - - -
5f2e56e6 by Daniel Kahn Gillmor at 2019-01-23T20:00:17Z
Comment fix: monkeysphere-server has not existed for a long time

- - - - -
bc443de6 by Daniel Kahn Gillmor at 2019-01-23T20:00:17Z
Avoid unnecessary user lockout

See the argument here: https://bugs.debian.org/897366

I discussed this on IRC with anarcat, and did some code archaeology,
and could not find any reason for the excessive paranoia.  If the
chown/chmod/mv sequence fails, then we should report an error and
remove the temporary incoming file, not the pre-existing one.

- - - - -
b1608b91 by Daniel Kahn Gillmor at 2019-01-23T22:41:39Z
Improve monkeysphere-authentication diagnostics

Since OpenSSH 6.0, the sshd server has supported sshd -T to dump the
config without needing to find the file.  Encourage the use of a
modern version of sshd, and improve the diagnostics as a result.

- - - - -
16361f60 by Daniel Kahn Gillmor at 2019-01-23T22:41:39Z
document versioned dependency on OpenSSH

- - - - -
56ce9502 by Daniel Kahn Gillmor at 2019-01-23T22:42:27Z
Changelog documents proposed 0.43

- - - - -
43629c46 by Daniel Kahn Gillmor at 2019-01-24T19:18:25Z
Correct spacing of Changelog (helps generating correct releasenotes)

- - - - -
27a86a05 by Daniel Kahn Gillmor at 2019-01-24T20:33:32Z
Expose sshd logs when ssh test fails

- - - - -
a8f4ac40 by Daniel Kahn Gillmor at 2019-01-24T21:57:26Z
Ensure that "make test-ed25519" works when no tty is present

- - - - -
318134aa by Daniel Kahn Gillmor at 2019-01-24T22:03:38Z
Dump remaining jobs during test cleanup

See https://bugs.debian.org/920038 for more information about why this
additional debugging information might be useful.

- - - - -
d558bf0a by Daniel Kahn Gillmor at 2019-03-04T21:18:09Z
Add superuser $PATH for crontab examples

Since monkeysphere-authentication typically relies on runuser, and ISC
cron typically sets only PATH=/usr/bin:/bin, we need to include the
expected superuser's $PATH in the crontab entry.

- - - - -
97ade311 by Daniel Kahn Gillmor at 2019-03-05T16:57:06Z
Avoid TIOCSTI abuse by the monkeysphere user

Since util-linux 2.31, runuser has had support (sometimes
undocumented) for defense against terminal hijacking via TIOCSTI or
other techniques, by passing a --pty argument.

That option is [no longer
experimental](https://github.com/karelzak/util-linux/issues/760), so
monkeysphere-authentication should use it if it is available.

This defends against a compromised monkeysphere user being able to
attack the superuser when invoked under a controlling terminal.

Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

- - - - -


30 changed files:

- COPYING
- Changelog
- Makefile
- README
- etc/cron.hourly/monkeysphere
- examples/crontab
- examples/make-x509-certreqs
- man/man1/agent-transfer.1
- man/man1/pem2openpgp.1
- man/man7/monkeysphere.7
- man/man8/monkeysphere-host.8
- packaging/macports/Portfile
- packaging/slackware/README
- src/agent-transfer/main.c
- src/agent-transfer/ssh-agent-proto.h
- src/monkeysphere
- src/monkeysphere-authentication
- src/monkeysphere-host
- src/share/common
- src/share/keytrans
- src/share/m/gen_subkey
- src/share/m/ssh_proxycommand
- src/share/m/subkey_to_ssh_agent
- src/share/ma/add_certifier
- src/share/ma/diagnostics
- src/share/ma/update_users
- src/share/mh/add_name
- src/share/mh/add_revoker
- src/share/mh/publish_key
- src/share/mh/revoke_name


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/pkg-privacy-team/monkeysphere/compare/d21457f8fbc86cd1fb5d3b0d20c7a8c8fad8fae6...97ade311fc287985972bb73a47dd75450260c389
