[Pkg-privacy-maintainers] Bug#897366: monkeysphere: update-users is paranoid; locks out users unnecessarily
Antoine Beaupre
anarcat at orangeseeds.org
Wed Jan 23 19:12:21 GMT 2019
On Tue, May 01, 2018 at 04:48:50PM +0100, Andrew Gallagher wrote:
> Package: monkeysphere
> Version: 0.41-1
> Severity: important
> Tags: upstream
>
> Dear Maintainer,
>
> `/usr/share/monkeysphere/ma/update_users` deletes the managed authorized_keys file in the case of error,
> even when that error has no possible security impact. The offending code is here:
>
> ```
> chown $(whoami) "$tmpAuthorizedKeys" && \
> chgrp $(id -g "$uname") "$tmpAuthorizedKeys" && \
> chmod g+r "$tmpAuthorizedKeys" && \
> mv -f "$tmpAuthorizedKeys" "${authorizedKeysDir}/${uname}" || \
> {
> log error "Failed to install authorized_keys for '$uname'!"
> rm -f "${authorizedKeysDir}/${uname}"
> # indicate that there has been a failure:
> returnCode=1
> }
> ```
>
> Any error whatsoever in this pipeline will cause `rm -f "${authorizedKeysDir}/${uname}"` to be invoked,
> potentially locking out the affected user. A transient filesystem error can easily cause all users of a
> system to be locked out simultaneously, e.g. if /var fills up. This has happened to me several times.
>
> Are you sure you want to remove the *live* authorized_keys file in case of error? Not the temp one? I don't
> understand how a failed `mv` in this case could cause a security issue serious enough to warrant disabling
> a login method.

Makes sense. This was probably meant to be:

```
rm -f "$tmpAuthorizedKeys"
```

A.
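
The change suggested in the reply above, worked into a complete install function: any failure in the chain removes only the temporary file, so the user's previous keys stay in place. This is an added example, not monkeysphere's code or part of the original thread; the function names, the `iak_`/`demo_` variables and the sample key lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical names): install a freshly generated
# authorized_keys file without ever deleting the live one.

log_error() { printf 'error: %s\n' "$*" >&2; }

# install_authorized_keys TMPFILE DESTDIR USERNAME
# Returns 0 on success. On any failure it removes only TMPFILE and
# returns 1, leaving DESTDIR/USERNAME exactly as it was.
install_authorized_keys() {
    iak_tmp=$1 iak_dir=$2 iak_user=$3

    if iak_gid=$(id -g "$iak_user" 2>/dev/null) &&
       chown "$(id -u)" "$iak_tmp" &&
       chgrp "$iak_gid" "$iak_tmp" &&
       chmod g+r "$iak_tmp" &&
       mv -f "$iak_tmp" "$iak_dir/$iak_user"
    then
        return 0
    fi

    log_error "Failed to install authorized_keys for '$iak_user'; keeping existing file"
    rm -f "$iak_tmp"    # clean up the temporary file, never the live one
    return 1
}

# Constructed demonstration: the group lookup fails for a user that does
# not exist, standing in for any transient error in the chain.
demo_failed_update() {
    demo_dir=$(mktemp -d) || return 2
    printf 'ssh-ed25519 AAAA-constructed-old-key\n' > "$demo_dir/no-such-user-example"
    printf 'ssh-ed25519 AAAA-constructed-new-key\n' > "$demo_dir/tmp.keys"

    install_authorized_keys "$demo_dir/tmp.keys" "$demo_dir" no-such-user-example \
        && demo_rc=0 || demo_rc=$?

    demo_live=$(cat "$demo_dir/no-such-user-example")
    [ -e "$demo_dir/tmp.keys" ] && demo_tmp=present || demo_tmp=removed
    rm -rf "$demo_dir"
    printf 'rc=%s tmp=%s live=%s\n' "$demo_rc" "$demo_tmp" "$demo_live"
}

demo_failed_update
```

The failed run reports a non-zero return code so the caller can still set `returnCode=1`, while the previously installed key line remains readable.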